Auth0 Home Blog Docs

Adding email_verified to accessToken

rules
access-token
email-verification

#1

Hello, is it possible to add email_verified to accessToken when the user logs in? Would there be advice against this for some reason? Thanks!


#2

In our docs for access token there is a section for Custom Claims which references looking into Scopes


#3

Thank you. I’m assuming this means the answer is yes, as long as I respect the namespacing rules, and use Rules :wink:


#4

@picosam that is correct. You can simply do this in any rule and it will be inside the access token whenever the access_token is returned as a JWT. That is, whenever you call /authorize with a valid audience.

context.accessToken['https://example.com/claims/email_verified'] = user.email_verified