App_metadata not included in IdToken or accessToken

We’re adding custom information to the user profile to handle a multi-tenant API:
app_metadata ==>

{
  "tenants": [
    "cad93b22-0838-4037-9f2c-16d80f0444f1"
  ]
}

We need to get this information back in the AccessToken through the password credentials flow.
Here is our request:

curl --location --request POST 'https://xxxxxxxxxx.eu.auth0.com/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=xxxxxxxxxxx' \
--data-urlencode 'password=xxxxxxx' \
--data-urlencode 'audience=https://localhost:5000' \
--data-urlencode 'client_id=xxxxxxxxxx' \
--data-urlencode 'client_secret=xxxxxx'

We added a custom action. Here is the code:

exports.onExecutePostLogin = async (event, api) => {
  const namespace = 'https://data-grapes.com';
  api.idToken.setCustomClaim(`${namespace}/app_metadata`, event.user.app_metadata);
};

We’ve also added the custom action in the Login flow.

Unfortunately, the app_metadata is still not present in the AccessToken.

Any help is appreciated.

Regards

Hi there @hmarzouk welcome to the community!

According to the Action code you’ve shared, the app_metadata is set to be added to the user ID Token. However, the Resource Owner Password flow will only return an Access Token. Are you able to confirm whether or not the app_metadata is returned in the Access Token if you update your Action to the following?

exports.onExecutePostLogin = async (event, api) => {
  const namespace = 'https://data-grapes.com';
  api.accessToken.setCustomClaim(`${namespace}/app_metadata`, event.user.app_metadata);
};

Let us know!

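An added example (not code from the thread or from Auth0) of the Action discussed above: it sets the claim on both tokens and exposes only the `tenants` array under a `/tenants` claim instead of the whole `app_metadata` object, so unrelated metadata does not end up in a token the client can read. The names `tenantsOf`, `applyTenantClaims`, `mockApi` and the sample event are hypothetical and constructed here so the logic runs under plain Node.js.

```javascript
// Added example; helper names and the mock `api` object are assumptions.
const NAMESPACE = 'https://data-grapes.com'; // namespace used in the thread

// Return only well-formed tenant IDs; app_metadata may be missing or malformed.
function tenantsOf(user) {
  const list = user && user.app_metadata && user.app_metadata.tenants;
  if (!Array.isArray(list)) return [];
  return list.filter((t) => typeof t === 'string' && t.length > 0);
}

// Synchronous core so the claim logic can be exercised outside Auth0.
function applyTenantClaims(event, api) {
  const tenants = tenantsOf(event.user);
  // Access token: what the API behind the `audience` receives as a Bearer token.
  api.accessToken.setCustomClaim(`${NAMESPACE}/tenants`, tenants);
  // ID token: read by the client application whenever one is issued.
  api.idToken.setCustomClaim(`${NAMESPACE}/tenants`, tenants);
  return tenants;
}

// In an Action, this is the exported entry point.
const onExecutePostLogin = async (event, api) => { applyTenantClaims(event, api); };
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;

// Hypothetical stand-in for the Action `api` object: records claims per token.
function mockApi() {
  const claims = { accessToken: {}, idToken: {} };
  const setter = (bag) => ({ setCustomClaim: (key, value) => { bag[key] = value; } });
  return { claims, accessToken: setter(claims.accessToken), idToken: setter(claims.idToken) };
}

// Constructed sample event mirroring the app_metadata shown in the question,
// plus an extra field that should never reach a token.
const sampleEvent = {
  user: {
    app_metadata: {
      tenants: ['cad93b22-0838-4037-9f2c-16d80f0444f1'],
      internal_note: 'constructed value',
    },
  },
};

// Run the claim logic against the mock and return what each token would carry.
function demo() {
  const api = mockApi();
  applyTenantClaims(sampleEvent, api);
  return api.claims;
}
```

The API that consumes the access token should still validate its signature, issuer and audience before trusting the `https://data-grapes.com/tenants` claim for tenant authorization.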