Assistance with Customizing Access Tokens and API Authorization using Auth0

Hi Auth0 Team,

I am reaching out to seek assistance with customizing our authentication and authorization setup using Auth0. Below are the details of our current implementation and the challenges we are facing:

Project Overview: We are implementing an authentication system that uses both email/password and social logins. We need to ensure that our access tokens contain specific user information and that these tokens are properly used to authorize API requests.

Technical Stack:

  • Frontend: Next.js
  • Backend: Spring Boot
  • Auth0 Configuration: Configured API in Auth0 with custom scopes

Current Implementation:

  1. Access Token Customization: We have set up an Auth0 action to add custom claims (email, name, email_verified, given_name) to the access token using the onExecutePostLogin action.
  2. Authentication Request: We initiate the login flow in our Next.js application with the appropriate parameters to request access tokens with the correct audience.
  3. API Call with Access Token: Our frontend uses the access token to make API requests to our Spring Boot backend.
  4. Backend Token Verification: We verify the access token on our Spring Boot backend to ensure it is valid and contains the necessary claims.


  1. The access tokens do not contain the custom claims as expected.


  • Guidance on correctly implementing and verifying custom claims in access tokens.
  • Best practices for ensuring proper usage of access tokens for API authorization.
  • Assistance in debugging why custom claims are not appearing in access tokens.

I appreciate your help and look forward to your guidance on resolving these issues.

Thank you, Swapnil Mohite
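
For the debugging question in the post above, an added example (not part of the original post and not Auth0's own code): a Node.js helper that decodes an access token and reports whether it is a JWT at all, whether `aud` matches the API, and which of the four claims named in the post are present. The audience, the claim namespace and the sample token are constructed assumptions.

```javascript
// Added example. Decodes WITHOUT verifying the signature: a debugging aid only.
// The Spring Boot API must still verify signature, issuer and audience.
const EXPECTED_CLAIMS = ["email", "name", "email_verified", "given_name"]; // from the post

function decodeSegment(segment) {
  // JWT header and payload are base64url-encoded JSON objects.
  const value = JSON.parse(Buffer.from(segment, "base64url").toString("utf8"));
  if (typeof value !== "object" || value === null) throw new Error("not a JSON object");
  return value;
}

function inspectAccessToken(token, expectedAudience, namespace = "") {
  const result = { format: "jwt", audienceOk: false, present: [], missing: [...EXPECTED_CLAIMS] };
  const parts = token.split(".");
  if (parts.length !== 3) {
    // Five segments is a JWE; anything else is an opaque token. Neither exposes claims.
    result.format = parts.length === 5 ? "jwe" : "opaque";
    return result;
  }
  let payload;
  try {
    payload = decodeSegment(parts[1]);
  } catch (err) {
    result.format = "malformed";
    return result;
  }
  // "aud" may be a string or an array of strings.
  result.audienceOk = [].concat(payload.aud ?? []).includes(expectedAudience);
  // A claim counts as present under its bare name or its namespaced name.
  const has = (claim) => claim in payload || namespace + claim in payload;
  result.present = EXPECTED_CLAIMS.filter(has);
  result.missing = EXPECTED_CLAIMS.filter((claim) => !has(claim));
  return result;
}

// Constructed sample token (fake signature) so the example runs offline.
function makeSampleToken(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(payload)}.constructed-signature`;
}

const sample = makeSampleToken({
  aud: ["https://api.example.test"],                 // hypothetical API identifier
  "https://example.test/email": "user@example.test", // hypothetical claim namespace
  "https://example.test/given_name": "Sam",
});
console.log(inspectAccessToken(sample, "https://api.example.test", "https://example.test/"));
```

A result of `opaque` or `audienceOk: false` points at the authentication request rather than the Action, since only a JWT issued for the API audience can carry the claims the backend reads.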