Add user_id to access token via Passwordless API

Hi,

I’m attempting to set up passwordless login for a project, but I’m not able to figure out how I add the user_id to the access token. Am I wrong for assuming that having an access token without any information has no benefit to me, because I can’t pull anything from the database without at least an identifier?

Am I supposed to also send the id_token when sending API requests? I don’t see this done anywhere else.

I tried to create a rule, and the realtime log shows that my console.log works and the fields I try to set are working

function addUserIDToAccessToken(user, context, callback) {

  context.accessToken[`https://example.com/user_id`] = user.user_id;
  
  return callback(null, user, context);
}

How come I still receive an access token that doesn’t have a payload at all? Am I doing something wrong, or am I supposed to approach this in a different way?

I just had this issue myself today.

When you login (where you specify domain and clientId), you’ll need to specify audience and scope. You’ll also need to make sure those are defined in the Auth0 dashboard, under Applications > APIs.

This should indicate to Auth0 that you are trying to use the access token to hit an API. The payload should not be empty anymore, and your rule should run.

This page kinda explains it a bit more: Sample Use Cases: Scopes and Claims

Hope that helps, and good luck!