Any way to set the value for scopes on the accessToken myself?

I currently set custom claims on an access token during a couple of login flow actions. I am building an API using AWS’s HTTP API; it has built-in support for authorizing JWT tokens, however it checks the scope claim to validate the scopes.

If I could set the scopes myself on the access token I wouldn’t need to build a custom Lambda authorizer.

Hi @chinds

Here’s a rule skeleton to start from:

function (user, context, callback) {
  console.log(context.request.query.scope); // show the requested scopes
  context.accessToken.scope = 'openid profile email read:foo'; // explicitly set the access token scopes
  return callback(null, user, context);
}

Hi @john.gateley thanks for the reply, I am using the actions as part of the login flow, and the available params are only event and api. api.accessToken has a single method but that is to set custom claims.

Simply calling api.accessToken.scope doesn’t work.

Hi @chinds

Unfortunately, this is not yet supported in Actions.
You could write it in a rule, which then gets called as part of the Post Login chain.

John

Yeah, I tried that this morning after your message; however, it looks like rules only run before actions, as they are marked as legacy. I’d need this to run after my actions.
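
The scope check that the original question runs into, as an added example that is not part of any post in this thread and is not AWS or Auth0 code. It models the documented behaviour of an HTTP API JWT authorizer (the token's `scope` or `scp` claim must contain at least one of the route's scopes); the function names, the sample tokens and the namespaced claim are assumptions, and signature, issuer, audience and expiry validation are left out.

```javascript
// Model of the scope check only; a real authorizer verifies the token first.

// Decode the payload segment of a compact JWT without verifying it.
function decodePayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  // Node's 'base64' decoder also accepts the URL-safe alphabet used by JWTs.
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
}

// Granted scopes come from "scope" (space-delimited string) or "scp".
// Accepting an array form is an assumption of this sketch.
function grantedScopes(claims) {
  const raw = claims.scope !== undefined ? claims.scope : claims.scp;
  if (Array.isArray(raw)) return raw.map(String);
  if (typeof raw === 'string') return raw.split(' ').filter(Boolean);
  return [];
}

// A route with no scopes configured skips the check; otherwise one match is enough.
function scopeCheck(jwt, routeScopes) {
  if (!routeScopes || routeScopes.length === 0) return true;
  const granted = new Set(grantedScopes(decodePayload(jwt)));
  return routeScopes.some((s) => granted.has(s));
}

// Build a constructed, unsigned sample token (placeholder signature).
function makeToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(claims)}.sig`;
}

// Constructed sample: the permission is present in the scope claim.
const withScope = makeToken({ sub: 'user1', scope: 'openid profile email read:foo' });

// Constructed sample: the permission exists only in a custom claim.
const customClaimOnly = makeToken({
  sub: 'user1',
  scope: 'openid profile email',
  'https://example.com/permissions': ['read:foo'], // hypothetical namespaced claim
});

console.log(scopeCheck(withScope, ['read:foo']));       // passes the route check
console.log(scopeCheck(customClaimOnly, ['read:foo'])); // custom claim is ignored
```

A permission carried only in a custom claim never reaches this check, which is why the question asks for control over `scope` itself.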