Adding email_verified to accessToken

picosam · May 6, 2018, 9:15am

Hello, is it possible to add email_verified to accessToken when the user logs in? Would there be advice against this for some reason? Thanks!

jerdog · May 7, 2018, 3:52pm

In our docs for access token there is a section for Custom Claims which references looking into Scopes

picosam · May 7, 2018, 4:07pm

Thank you. I’m assuming this means the answer is yes, as long as I respect the namespacing rules, and use Rules

sgmeyer · May 7, 2018, 7:53pm

@picosam that is correct. You can simply do this in any rule and it will be inside the access token whenever the access_token is returned as a JWT. That is, whenever you call /authorize with a valid audience.

context.accessToken['https://example.com/claims/email_verified'] = user.email_verified

Topic		Replies	Views
Rule to add user email to access token? Help	8	5689	September 16, 2021
Difficulties in Adding Non-Restricted Claims to JWT Token Help apis , application	6	959	May 12, 2023
Add email to initial token? Help	6	5697	April 23, 2020
I can't add the user email on access_token Help jwt , rules , login	4	4423	June 8, 2022
Getting email address in accessToken using webAuth.login() Help jwt , auth0 , rules , login	1	1986	January 21, 2022

Adding email_verified to accessToken

Related Topics