Hi Auth0 Team,
I am reaching out to seek assistance with customizing our authentication and authorization setup using Auth0. Below are the details of our current implementation and the challenges we are facing:
Project Overview: We are implementing an authentication system that uses both email/password and social logins. We need to ensure that our access tokens contain specific user information and that these tokens are properly used to authorize API requests.
Technical Stack:
- Frontend: Next.js
- Backend: Spring Boot
- Auth0 Configuration: Configured API in Auth0 with custom scopes
Current Implementation:
- Access Token Customization: We have set up an Auth0 action to add custom claims (email, name, email_verified, given_name) to the access token using the onExecutePostLogin action.
- Authentication Request: We initiate the login flow in our Next.js application with the appropriate parameters to request access tokens with the correct audience.
- API Call with Access Token: Our frontend uses the access token to make API requests to our Spring Boot backend.
- Backend Token Verification: We verify the access token on our Spring Boot backend to ensure it is valid and contains the necessary claims.
Challenges:
- The access tokens do not contain the custom claims as expected.
Requirements:
- Guidance on correctly implementing and verifying custom claims in access tokens.
- Best practices for ensuring proper usage of access tokens for API authorization.
- Assistance in debugging why custom claims are not appearing in access tokens.
I appreciate your help and look forward to your guidance on resolving these issues.
Thank you,
Swapnil Mohite
swapnilmohite495@gmail.com