Assistance with Customizing Access Tokens and API Authorization using Auth0

Hi Auth0 Team,

I am reaching out to seek assistance with customizing our authentication and authorization setup using Auth0. Below are the details of our current implementation and the challenges we are facing:

Project Overview: We are implementing an authentication system that uses both email/password and social logins. We need to ensure that our access tokens contain specific user information and that these tokens are properly used to authorize API requests.

Technical Stack:

  • Frontend: Next.js
  • Backend: Spring Boot
  • Auth0 Configuration: Configured API in Auth0 with custom scopes

Current Implementation:

  1. Access Token Customization: We have set up an Auth0 action to add custom claims (email, name, email_verified, given_name) to the access token using the onExecutePostLogin action.
  2. Authentication Request: We initiate the login flow in our Next.js application with the appropriate parameters to request access tokens with the correct audience.
  3. API Call with Access Token: Our frontend uses the access token to make API requests to our Spring Boot backend.
  4. Backend Token Verification: We verify the access token on our Spring Boot backend to ensure it is valid and contains the necessary claims.

Challenges:

  1. The access tokens do not contain the custom claims as expected.

Requirements:

  • Guidance on correctly implementing and verifying custom claims in access tokens.
  • Best practices for ensuring proper usage of access tokens for API authorization.
  • Assistance in debugging why custom claims are not appearing in access tokens.

I appreciate your help and look forward to your guidance on resolving these issues.

Thank you, Swapnil Mohite swapnilmohite495@gmail.com
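As an added illustration (not code from the original post or from Auth0), this is the shape of a Post Login Action that copies the four profile fields named above into the access token under a URL-style namespace, which Auth0 requires for custom claims (un-namespaced claims are dropped from the token). The namespace, the recording `api` stand-in and the sample user are placeholders constructed for the example.

```javascript
// Auth0 Post Login Action that copies profile fields into the access token.
// Custom claims must carry a URL-style namespace; Auth0 silently drops
// un-namespaced custom claims from access tokens.
const NAMESPACE = 'https://example.com/claims'; // placeholder namespace (assumption)
const PROFILE_CLAIMS = ['email', 'name', 'email_verified', 'given_name'];

// Core logic, kept synchronous so it can be exercised outside the Actions runtime.
// Returns the names of the claims that were written.
function addProfileClaims(user, api) {
  const written = [];
  for (const field of PROFILE_CLAIMS) {
    const value = user[field];
    if (value === undefined || value === null) continue; // skip absent profile fields
    const name = `${NAMESPACE}/${field}`;
    api.accessToken.setCustomClaim(name, value);
    written.push(name);
  }
  return written;
}

// Handler signature used by the Auth0 Actions runtime.
const onExecutePostLogin = async (event, api) => {
  addProfileClaims(event.user, api);
};
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;

// Stand-in for the runtime's `api` object: records claims instead of minting a token.
function makeRecordingApi() {
  const claims = {};
  return { claims, accessToken: { setCustomClaim: (k, v) => { claims[k] = v; } } };
}

// Runs the claim logic against a constructed user and returns the recorded claims.
function claimsForUser(user) {
  const api = makeRecordingApi();
  addProfileClaims(user, api);
  return api.claims;
}

// Constructed sample profile: email_verified is false (a real value that must be kept)
// and given_name is missing (must not produce an empty claim).
const SAMPLE_USER = { email: 'jane@example.com', name: 'Jane Doe', email_verified: false };
console.log(claimsForUser(SAMPLE_USER));
```

After deploying an Action like this, decode a freshly issued access token (for the API audience your Next.js app requests) and look for the namespaced keys; claims added without the namespace will not appear.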