Hi There,
I would like to pass additional info (session-specific) when requesting a POST to Auth0 to generate a token.
This is for a machine-to-machine request.
I would like this additional info to be included in the generated JWT token.
How can I do that in Auth0?
Thanks in advance
h
Hey @henreman, Welcome to the Auth0 Community!
M2M grants, or client credentials grants, have a way to customize/add information in tokens, i.e. using Hooks!
More information here:
Check this out and let me know how you go!
Regards,
Sidharth
Thanks Sidharth,
If I’m understanding correctly, the additional claims need to be pushed through programmatically?
Is there a way to add additional claims to the generated JWT token just via plain REST POST call? (ie. via Postman)
Cheers,
h
Hey @henreman, no, the REST API call directly does not provide this functionality.
To customize the access token for m2m this is the only current flow.
Ah gotcha,
I have read through the “Create a Hook” guide and here’s the instruction I find:
I assume this code gets executed on say “Client Credentials Exchange”?
But how does the “caller” of this endpoint pass the additional claims? The example only shows hard-coded claims?
Cheers,
h
@henreman You have to bear in mind that JWTs are immutable. This means that, after they have been issued, there is no way to edit a JWT token without invalidating it.
The Client Credentials hook allows you to allow extra claims to the token before it’s issued, enriching it with either a hardcoded value, or a value that you gather from any of the objects available within the hook (context, for example). The Hook does allow for JavaScript code, which you can leverage to work around the context and maybe add conditionals, but there is no way to change the token once it has been issued.
Do you have an example of information that you would like to add to the token, that could not be gathered before the token is issued?
@joseantonio.rey thanks for the input.
I am trying to add claims to the token before it is being generated, not after.
I have had experience generating JWT tokens manually in the .NET world using Microsoft JWT library and we were able to attach any number of claims before the token is generated.
I am wondering the same for how can I do that in Auth0.
In the code sample above, it doesn’t say how a client of Auth0 can pass additional claims to be included in the token; the example only showed hard-coded ones.
Cheers,
h
Hello, @henreman,
We do not have any written examples of this, but you could include additional parameters in the body of your POST request, and then check for them in the Hook using the context.body object. For example, I added a testing key with a value of 123, and my Hook returned context.body.testing had a value of 123. You could then use that context.body.youradditionalvalue value in order to enrich the token like in the example, instead of using the bar value.
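The approach from the last reply, written out as a Client Credentials Exchange Hook. This is an added example, not code from the thread or from Auth0's documentation; the `session_id` parameter, the `https://example.com/` claim namespace and the format rule are assumptions. Because the value comes from the caller's POST body, the Hook validates it before it ends up inside a signed token and never lets the body influence `scope`.

```javascript
// Added example (not from the thread). Hypothetical names: session_id, NAMESPACE.
// Constructed sample body for POST /oauth/token:
//   { "grant_type": "client_credentials", "client_id": "...",
//     "client_secret": "...", "audience": "...", "session_id": "abc-123" }

const NAMESPACE = 'https://example.com/';       // assumption: your own namespace URI
const SESSION_ID_RE = /^[A-Za-z0-9_-]{1,64}$/;  // assumption: expected value format

function credentialsExchangeHook(client, scope, audience, context, cb) {
  // Scopes stay exactly as Auth0 computed them; nothing from the
  // request body is allowed to overwrite this field.
  const access_token = { scope: scope };

  const body = (context && context.body) || {};
  const sessionId = body.session_id;

  if (sessionId !== undefined) {
    // The caller controls this value, so check type and format before it
    // becomes a claim that downstream services will see as signed.
    if (typeof sessionId !== 'string' || !SESSION_ID_RE.test(sessionId)) {
      return cb(new Error('invalid session_id'));
    }
    // Namespaced custom claim, replacing the hard-coded value of the template.
    access_token[NAMESPACE + 'session_id'] = sessionId;
  }

  cb(null, access_token);
}

// Hooks are exported as the module's function.
if (typeof module !== 'undefined') module.exports = credentialsExchangeHook;
```

The resulting claim is only as trustworthy as the client that sent it, so an API consuming the token should treat it as client-asserted data rather than as something Auth0 verified.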