Adding Hasura claims with actions

Hasura docs show how to integrate Auth0 JWT with its GraphQL API.
https://hasura.io/docs/latest/graphql/core/guides/integrations/auth0-jwt.html#guides-auth0-jwt

But they are using Rules to add the claims.
It looks like Auth0 is recommending Actions now.

I tried to add the claims using Actions, but it is not working; I don’t see the custom claims in the token:

exports.onExecuteCredentialsExchange = async (event, api) => {
  const namespace = "https://hasura.io/jwt/claims";
  const {user} = event
  api.accessToken[namespace] =
    {
      'x-hasura-default-role': 'user',
      // do some custom logic to decide allowed roles
      'x-hasura-allowed-roles': ['user'],
      'x-hasura-user-id': user.user_id
    };
};

I’ve attached this to the Machine to Machine flow.
What am I missing?

Hi @ulisses,

Welcome to the Auth0 Community!

I understand that you are looking to add Hasura claims with Actions.

First, I’d like to emphasize that Rules are triggered after a user authenticates to your application.

In other words, this would be equivalent to a Post-Login Action. In the Hasura documentation, they are adding custom claims to the accessToken like this example.

To accomplish this with Actions, you’ll need to use a Post-Login Action script to add the Hasura claims to tokens and pass the event.user.user_id as the user’s ID.

For example:

exports.onExecutePostLogin = async (event, api) => {
  const namespace = "https://hasura.io/jwt/claims";
  api.accessToken.setCustomClaim(namespace,
    {
      'x-hasura-default-role': 'user',
      // do some custom logic to decide allowed roles
      'x-hasura-allowed-roles': ['user'],
      'x-hasura-user-id': event.user.user_id
    });
};

You may also find these resources useful:
https://auth0.com/docs/actions/triggers/post-login/event-object
https://auth0.com/docs/actions/triggers/post-login/api-object

Please let me know how this works for you.

Thank you.
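
A local check of the Post-Login approach from the reply above, added here as an example; it is not part of the original thread and is not Auth0's or Hasura's code. `buildHasuraClaims`, `applyHasuraClaims`, `makeMockApi` and the sample event are hypothetical names and constructed data, and taking extra roles from `event.authorization.roles` is an assumption about how the tenant assigns roles.

```javascript
const NAMESPACE = "https://hasura.io/jwt/claims";

// Build the Hasura claims object. Extra role names are assumed to arrive in
// event.authorization.roles; 'user' is always included so the default role
// is a member of the allowed list.
function buildHasuraClaims(event) {
  const assigned = (event.authorization && event.authorization.roles) || [];
  const allowed = Array.from(new Set(["user", ...assigned]));
  return {
    "x-hasura-default-role": "user",
    "x-hasura-allowed-roles": allowed,
    "x-hasura-user-id": event.user.user_id,
  };
}

// Synchronous core of the Action, so it can be exercised without a tenant.
function applyHasuraClaims(event, api) {
  api.accessToken.setCustomClaim(NAMESPACE, buildHasuraClaims(event));
}

// In the Action editor this handler is assigned to exports.onExecutePostLogin.
const onExecutePostLogin = async (event, api) => applyHasuraClaims(event, api);

// Hypothetical stand-in for the Actions `api` object: only values passed
// through setCustomClaim are recorded as claims. This models the assumption
// that property assignment on api.accessToken does not add a claim.
function makeMockApi() {
  const claims = {};
  return {
    claims,
    accessToken: { setCustomClaim: (name, value) => { claims[name] = value; } },
  };
}

// Constructed sample event (not real tenant data).
const sampleEvent = {
  user: { user_id: "auth0|constructed-123" },
  authorization: { roles: ["editor"] },
};

function runDemo() {
  const viaMethod = makeMockApi();
  applyHasuraClaims(sampleEvent, viaMethod);
  // The pattern from the question: assignment instead of setCustomClaim.
  const viaAssignment = makeMockApi();
  viaAssignment.accessToken[NAMESPACE] = buildHasuraClaims(sampleEvent);
  return { viaMethod: viaMethod.claims, viaAssignment: viaAssignment.claims };
}
console.log(JSON.stringify(runDemo(), null, 2));
```

The first result carries the namespaced claims object; the second is empty because nothing went through `setCustomClaim`.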
