App_metadata not included in IdToken or accessToken

We’re adding custom information to user profile to handle a multi-tenant API:
app_metadata ==>

  "tenants": [

We need to get back this information in the AccessToken throw the password credentials flow.
Here our request:

curl --location --request POST '' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=xxxxxxxxxxx' \
--data-urlencode 'password=xxxxxxx' \
--data-urlencode 'audience=https://localhost:5000' \
--data-urlencode 'client_id=xxxxxxxxxx' \
--data-urlencode 'client_secret=xxxxxx' \

We added a custom action. Here the code:

exports.onExecutePostLogin = async (event, api) => {
  const namespace = '';
  api.idToken.setCustomClaim(`${namespace}/app_metadata`, event.user.app_metadata);

We’ve also added the custom action in the Login flow.

Unfortunately, the app_metadata is still not present in the AccessToken.

Any help is apreciated.


Hi there @hmarzouk welcome to the community!

According to the Action code you’ve shared, the app_metadata is set to be added to the user ID Token - However, the Resource Owner Password flow will only return an Access Token. Are you able to confirm whether or not the app_metadata is returned in the Access Token if you update your Action to the following?

exports.onExecutePostLogin = async (event, api) => {
  const namespace = '';
  api.accessToken.setCustomClaim(`${namespace}/app_metadata`, event.user.app_metadata);

Let us know!

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.