Auth0 duplicating custom claim in idToken with malformed namespace

GeorgeCLT · October 30, 2020, 6:52pm

When we use a rule like this where we are adding a custom claim to idToken:

 function(user, context, callback) {
  var namespace = "http://myapp.com/";
  if (context.idToken && user.user_metadata) {
    if (user.user_metadata.first_name) context.idToken[namespace + 'first_name'] = user.user_metadata.first_name;
   }
  // add ip address to token
  context.idToken[namespace + 'ip'] = context.request.ip;  
  console.log("TOKEN CONTENT O:", context.idToken);
  callback(null, user, context);
}

The resulting idToken will have additional custom claims that seem to have a malformed namespace. This makes the token larger then needed.
Here is the extracted token payload:

{
  "http://myapp.com/first_name": "asdas",
  "http://myapp.com/ip": "159.224.82.89",
  "http://myapp;com/first_name": "asdas",
  "http://myapp;com/ip": "159.224.82.89",
}

As you see we only set custom claims with names space http://myapp.com/ but the token also has a an additional copy with namespace http://myapp;com/ (the semicolon instead of the period is used).

This happens when all other rules are turned off and only the sample code above is running.
How/Why does a namespace like http://myapp;com get added and all the custom claims repeated in this namespace as well?

Thanks,
George

joseantonio.rey · November 20, 2020, 4:34am

Hello, @GeorgeCLT - welcome back to the Auth0 Community!

It seems like you might have malformed Javascript here:

An if condition should be followed by the code to be executed between { and }. Could you please add them for this conditional?

Let me know if this helps.

system · December 5, 2020, 4:34am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.