Add org_id to access token returned from Resource Owner Password Flow

Hello, I’m using the Resource Owner Password Flow to obtain an access token which I then use to access my API in e2e tests with Cypress. The issue is that the access token I get back does not contain an org_id since the Resource Owner Password Flow is not supported in the context of Organizations - however, our API requires the access token to contain an org_id, otherwise, the user will not be allowed to access any endpoints. Is there a way to add an org_id to the access token returned from the Resource Owner Password Flow?

I understand that I can utilize the Authorization Code Flow which utilizes the /authorize endpoint in order to add an org_id to the access token. However, this flow does not allow me to authenticate through a specific user. In this case, I need to receive an access token for a test user that I’m using in the e2e tests but I also need the token to contain an org_id as well.

Any help/advice is greatly appreciated!

Hello @simon17 welcome to the community!

Unfortunately, as far as I can tell this is not possible - Even if you temporarily disable organization for a specific application, and use the ROP flow + a rule to manually add a custom claim of org_id, you won’t be able to as org_id is subject to restrictions.

The only option I can think of while using the ROP flow is to add a custom claim with an org_id but naming it something else, like org_id1 - Obviously not ideal, but an option if you can work around this in testing.

function (user, context, callback) {
  // org_id itself is restricted, so the value is carried in a differently named claim
  context.accessToken.org_id1 = "your_org_id";
  context.idToken.org_id1 = "your_org_id";

  return callback(null, user, context);
}
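
Added example, not part of the reply above and not Auth0's code: one way the API under test could honor the substitute `org_id1` claim only in the e2e environment, while every other deployment keeps requiring `org_id`. The function name, option names and sample org IDs are assumptions, and the payload is assumed to come from a token whose signature has already been verified.

```javascript
// Claim name taken from the rule above; everything else here is hypothetical.
const TEST_CLAIM = "org_id1";

// Resolve the organization from an already-verified access token payload.
function resolveOrgId(claims, opts = {}) {
  const { allowTestClaim = false, testOrgIds = [] } = opts;
  const real = claims.org_id;
  const fallback = claims[TEST_CLAIM];

  // A real org_id always wins; a token carrying two different values is rejected.
  if (typeof real === "string" && real !== "") {
    if (fallback !== undefined && fallback !== real) {
      throw new Error("conflicting org claims");
    }
    return real;
  }

  // The substitute claim counts only when the deployment opts in (e2e environment)
  // and the value is on an explicit allow-list of test organizations.
  if (!allowTestClaim) {
    throw new Error("org_id missing");
  }
  if (typeof fallback !== "string" || !testOrgIds.includes(fallback)) {
    throw new Error("test org claim not allowed");
  }
  return fallback;
}

// Constructed sample payloads and options.
const ropToken = { sub: "auth0|e2e-user", org_id1: "org_e2e_sample" };
const orgToken = { sub: "auth0|real-user", org_id: "org_prod_sample" };
const e2eOpts = { allowTestClaim: true, testOrgIds: ["org_e2e_sample"] };
```

With the default options the substitute claim is ignored, so a token minted by the rule above is rejected anywhere the e2e options are not set.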

Thanks for the reply @tyf! Do you know if the Auth0 team has any plans in the near future to enable the support of Organizations in the ROP flow? This would be a great feature to have when it comes to have.

Hey @simon17 no problem, I’m happy to help where I can!

ROPG support for organizations is on the radar (primarily for testing purposes similar to your needs), but there are no plans to support in the near future. I do however recommend creating a feedback request for this as I don’t currently see anything related. It would be good to have it on record and the more votes it gets from community members the more likely it is to get attention.
