Auth0 Rules: access to accessToken from inside Rule code

miketeix · March 14, 2019, 3:15am

When talking about the 4-step flow of Rules on the guide page, item #4 says:

Blockquote 4. 1. The ID Token and/or Access Token is passed through the Rules pipeline, then sent to the app.

Do we have access to the Access Token from inside the Rule? I was hoping to use the AccessToken JWT to reach my API, but may have to use a generic API key if not.

miketeix · March 14, 2019, 3:22am

I know the context object has a property called ‘accessToken’, but that’s just an object representing the options defined on the Access Token, like claims and scope, but not the access token itself

miketeix · March 14, 2019, 3:23am

https://auth0.com/docs/rules/references/context-object

konrad.sopala · March 14, 2019, 9:34am

Hey there @miketeix!

That is correct. I checked the documentation and you indeed using context object properties have access to access token properties but not the access token itself.

miketeix · March 19, 2019, 1:23pm

I’m getting “Forbidden” while trying to create a Rule, any idea why?

function (user, context, callback) {
user.app_metadata = user.app_metadata || {};
context.accessToken[‘accounthq.com/tenantId’] = user.app_metadata.tenant;
return callback(null, user, context);
}

konrad.sopala · March 19, 2019, 1:55pm

Hey @miketeix!

Can you send me your tenant name via private message?

konrad.sopala · March 19, 2019, 5:11pm

I think the reason might be that the namespace needs to be in the URI format:

http://accounthq.com/

miketeix · March 20, 2019, 4:39pm

nailed it! Thanks man!

konrad.sopala · March 20, 2019, 4:40pm

Perfect! Glad you have it working!

system · April 4, 2019, 4:40pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.