App_metadata not being returned in token from /oauth/token even though rule exists

Hi

I’m creating a JMETER test inside a gitlab pipeline, the domain I am testing takes a JWT in the Authorisation Header (Bearer) in the request.

I’m using the following curl command to authenticate and get a token back:

curl --request POST
–url ‘https://gotham-city-dev.eu.auth0.com/oauth/token
–header ‘content-type: application/x-www-form-urlencoded’
–data ‘grant_type=password’
–data ‘username=BruceWayne’
–data ‘password=BatMan123’
–data ‘audience=https://gotham-city-dev.eu.auth0.com/api/v2/’
–data ‘scope=read:current_user’
–data ‘client_id=fMHp…MHho’
–data ‘client_secret=3b-joVidd…dibANvI’

And I have the following rule set up to add app_metadata to the token:

function (user, context, callback) {
const namespace = ‘https://gotham-city.com/’;
context.idToken[namespace + ‘authorities’] = user.app_metadata.roles;
context.idToken[namespace + ‘locale’] = user.app_metadata.itc_locale.toUpperCase();
context.idToken[namespace + ‘user_name’] = user.user_name;
callback(null, user, context);
}

A token is returned minus the rule controlled app_metadata. What am I missing or why is it ignoring the rule?

Any ideas will be greatly appreciated.

Regards

Richard

Hi @richard.sanigar,

Try updating your rule to add the metadata to the Access Token instead of the ID Token.

function (user, context, callback) {
  const namespace = ‘https://gotham-city.com/’;
  context.accessToken[namespace + ‘authorities’] = user.app_metadata.roles;
  context.accessToken[namespace + ‘locale’] = user.app_metadata.itc_locale.toUpperCase();
  context.accessToken[namespace + ‘user_name’] = user.user_name;
  callback(null, user, context);
}

Unlike the Authorization Code flow, the Resource Owner Password flow only passes an Access Token and not an ID Token.

Wow, thank you Stephanie, that has helped a lot
Kind regards
Richard

1 Like

Glad to hear that helped!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.