App metadata in resource owner

ashiraz · April 10, 2018, 5:46pm

I’m trying to obtain a token via the resource owner grant, as follows:

POST https://<auth0_domain>/oauth/token

{
"grant_type":"http://auth0.com/oauth/grant-type/password-realm",
"client_id":"<client id>",
"password":"<pwd>",
"scope":"openid name email app_metadata identities",
"username":"<some user>",
"realm":"<some connection>"
}

When I invoke this, it returns with a token, but with an additional property:

"scope": "openid email"

Why is it returning only openid and email, while I requested app_metadata also?

kimcodes · April 11, 2018, 1:23pm

@ashiraz

The oauth/token endpoint is compliant with the OpenID Connect specification. As per the OIDC-compliant pipeline, only a small number of attributes are marked as standard claims and only these will be returned in the token, like the openid email you are seeing. Any additional claims need to be added by manual mapping and following a namespaced format to avoid possible collisions with standard claims. These custom claims can only be added using a Rule. The rule will look something like this:

function (user, context, callback) {

  var namespace = 'https://example.com/';
  context.idToken[namespace + 'user_metadata'] = user.user_metadata;

  callback(null, user, context);
}

system · September 5, 2018, 8:38pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Extract user_metadata & app_metadata Help jwt	4	2575	October 28, 2021
The app_metadata is not included in id_token Help jwt , app_metadata	3	11686	March 2, 2018
Obtaining user app_metadata in the Resource Server using OIDC and Oauth v2.0 Help	0	3439	September 5, 2019
OIDC-conformant no user_metdadata recieved Help auth0 , login	9	4141	January 8, 2019
Custom claims to the Access Token Help	2	2953	August 6, 2019

App metadata in resource owner

Related topics