Auth0 Rules: access to accessToken from inside Rule code

When talking about the 4-step flow of Rules on the guide page, item #4 says:

Blockquote 4. 1. The ID Token and/or Access Token is passed through the Rules pipeline, then sent to the app.

Do we have access to the Access Token from inside the Rule? I was hoping to use the AccessToken JWT to reach my API, but may have to use a generic API key if not.

I know the context object has a property called ‘accessToken’, but that’s just an object representing the options defined on the Access Token, like claims and scope, but not the access token itself

Hey there @miketeix!

That is correct. I checked the documentation and you indeed using context object properties have access to access token properties but not the access token itself.

1 Like

I’m getting “Forbidden” while trying to create a Rule, any idea why?

function (user, context, callback) {
user.app_metadata = user.app_metadata || {};
context.accessToken[‘’] = user.app_metadata.tenant;
return callback(null, user, context);

Hey @miketeix!

Can you send me your tenant name via private message?

1 Like

I think the reason might be that the namespace needs to be in the URI format:

nailed it! Thanks man!

Perfect! Glad you have it working!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.