Adding Hasura claims with actions

Hasura docs show how to integrate Auth0 JWT with it’s graphql api.

But they are using Rules to add the claims.
It looks like Auth0 is recommending Actions now.

I tried to make add the claims using actions but it is not working, I don’t see the custom claims in the token:

exports.onExecuteCredentialsExchange = async (event, api) => {
  const namespace = "https://hasura.io/jwt/claims";
  const {user} = event
  api.accessToken[namespace] =
    {
      'x-hasura-default-role': 'user',
      // do some custom logic to decide allowed roles
      'x-hasura-allowed-roles': ['user'],
      'x-hasura-user-id': user.user_id
    };
};

I’ve attached this to the Machine to Machine flow.
What am I missing?

1 Like

Hi @ulisses,

Welcome to the Auth0 Community!

I understand that you are looking to add Hasura claims with Actions.

First, I’d like to emphasize that Rules are triggered after a user authenticates to your application.

In other words, this would be equivalent to a Post-Login Action. In the Hasura documentation, they are adding custom claims to the accessToken like this example.

To accomplish this with Actions, you’ll need to use a Post-Login Action script to add the Hasura claims to tokens and pass the event.user.user_id as the user’s ID.

For example:

exports.onExecutePostLogin = async (event, api) => {
  const namespace = "https://hasura.io/jwt/claims";
  api.accessToken.setCustomClaim(namespace,
    {
      'x-hasura-default-role': 'user',
      // do some custom logic to decide allowed roles
      'x-hasura-allowed-roles': ['user'],
      'x-hasura-user-id': event.user.user_id
    });
};

You may also find these resources useful:
https://auth0.com/docs/actions/triggers/post-login/event-object
https://auth0.com/docs/actions/triggers/post-login/api-object

Please let me know how this works for you.

Thank you.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.