I am trying to configure Azure API Management to work with Auth0 OIDC. I was able to get a token which contains basic info like sub, uid… Is there any way to change the scope so that the token returned contains more info like user metadata, roles, username?
When using OIDC standard authentication and/or API authorization, any custom information that you need to include in the issued tokens needs to be added explicitly (through a rule), and the claim name must be namespaced so that it does not conflict with standard claims.
You can read more about this at:
With the above you would be able to include all the information you require in the token; however, keep in mind that you should include only what you need, as otherwise larger tokens will also cause significant overhead in each request that needs to use them.
Thanks, when I tried setting the scope of the access token using the line below in rules
context.accessToken.scope = ['username', 'email', 'user_id', 'user_metadata', 'roles'];
I don't get any of the data, but when I use
context.idToken['http://test/claims/name'] = user.username; then the claim is present in the access token. Am I doing something wrong, or is my assumption that setting the access token scope will get the info wrong?
Also, when I set context.accessToken['http://test/claims/name'] = user.username; I don't get the claim in my access token.
Within the rule and if including custom information is the goal, you should not need to modify the scope; just set the custom data directly as namespaced claims. If there’s still a situation where you set the data as a custom claim and it is not then included in the token, then please update the question with exact details of the rule and also how you request the tokens.
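As an added example (not code from the thread or from Auth0), this is the shape of a rule that does what the answer describes: it leaves scope alone and writes the user data directly into both tokens as namespaced claims, reusing the http://test/claims/ namespace from the question. The rule signature and context.accessToken / context.idToken are the real Auth0 rule interface; the roles living under app_metadata and the department field under user_metadata are assumptions for the sample input.

```javascript
// Added example, not the thread's own code. Assumed: roles are stored in
// app_metadata.roles and a "department" field exists in user_metadata.
const NAMESPACE = 'http://test/claims/';

function addCustomClaims(user, context, callback) {
  const meta = user.user_metadata || {};
  const appMeta = user.app_metadata || {};

  // Pick only what the API needs: every extra claim is sent on every request.
  const claims = {
    username: user.username,
    email: user.email,
    roles: appMeta.roles || [],
    department: meta.department, // a chosen field, not the whole metadata object
  };

  for (const [name, value] of Object.entries(claims)) {
    if (value === undefined) continue;             // skip claims with no data
    context.accessToken[NAMESPACE + name] = value; // what the API sees
    context.idToken[NAMESPACE + name] = value;     // what the client app sees
  }
  // Note: context.accessToken.scope is deliberately left untouched.
  return callback(null, user, context);
}

// Constructed sample input standing in for what Auth0 passes to the rule.
function runSample() {
  const user = {
    username: 'jdoe',
    email: 'jdoe@example.com',
    user_metadata: { department: 'finance' },
    app_metadata: { roles: ['reader', 'approver'] },
  };
  const context = { accessToken: {}, idToken: {} };
  let result = null;
  addCustomClaims(user, context, (err, u, ctx) => { result = err ? null : ctx; });
  return result;
}
```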