We’re adding custom information to user profile to handle a multi-tenant API:
app_metadata ==>
{
"tenants": [
"cad93b22-0838-4037-9f2c-16d80f0444f1"
]
}
We need to get back this information in the AccessToken throw the password credentials flow.
Here our request:
curl --location --request POST 'https://xxxxxxxxxx.eu.auth0.com/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=xxxxxxxxxxx' \
--data-urlencode 'password=xxxxxxx' \
--data-urlencode 'audience=https://localhost:5000' \
--data-urlencode 'client_id=xxxxxxxxxx' \
--data-urlencode 'client_secret=xxxxxx' \
We added a custom action. Here the code:
exports.onExecutePostLogin = async (event, api) => {
const namespace = 'https://data-grapes.com';
api.idToken.setCustomClaim(`${namespace}/app_metadata`, event.user.app_metadata);
};
We’ve also added the custom action in the Login flow.
Unfortunately, the app_metadata is still not present in the AccessToken.
Any help is apreciated.
Regards