
Bug: Access token missing custom fields added in rule

bug
jwt
rules
access-token

#1

Hi,
About a month ago I had a similar issue with version 10.24, and the problem is the same in version 11. I'll try to describe it a little more.

Version Auth0-lock: 11.0.1

Configuration:

    {
      leeway: 30,
      theme: {
        primaryColor: '#6e40ff',
        logo: logoImage
      },
      allowShowPassword: true,
      languageDictionary: {
        title: '',
        signUpTerms: "I agree to the..."
      },
      mustAcceptTerms: true,
      autoclose: true,
      rememberLastLogin: true,
      auth: {
        redirectUrl: 'http://localhost:9000/login',
        autoParseHash: true,
        sso: true,
        responseType: 'token',
        audience: 'https://api.example.io'
      }
    }

Rule is still the same as before:

    function (user, context, callback) {
      console.log('add-user_metadata-to-token_id - start');
      console.log('add-user_metadata-to-token_id - user ', user);
      console.log('add-user_metadata-to-token_id - context: ', context);

      var namespace = 'https://example.io/';
      context.accessToken[namespace + 'email'] = user.email;
      context.accessToken[namespace + 'organizationId'] = user.user_metadata.organization;

      console.log('add-user_metadata-to-token_id - idToken', context.idToken);
      console.log('add-user_metadata-to-token_id - accessToken', context.accessToken);

      callback(null, user, context);
    }

Problem:

When I create a user through the Auth0 administration or using the signup process on the embedded Lock signup page, after the first login my accessToken doesn't contain the fields email and organizationId.

Access token after first login:
https://gyazo.com/f2a1c135e8e52ed24131beafa53ea129

Access token after the second and subsequent logins:
https://gyazo.com/ca6b87901342411c1e253bb44d09feb7

Thanks
Dan


#2

Have you made sure that the user.email and user.user_metadata.organization both exist and aren’t null? Also, have you tried specifying openid email in the scope when you request the access token?
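
The check suggested in reply #2, as an added example that is not code from either poster: a variant of the rule from #1 that writes a namespaced claim only when its source field exists and logs the fields that are absent. The names `addClaimsRule` and `simulateLogin` and the sample profiles are assumptions made for illustration; the harness round-trips the claims through `JSON.stringify` because a property whose value is `undefined` is dropped when an object is serialized to JSON.

```javascript
// Added example, not from the thread. The rule signature and the use of
// context.accessToken follow the rule posted in #1; everything else is assumed.
const NAMESPACE = 'https://example.io/';

function addClaimsRule(user, context, callback) {
  // user_metadata may be absent on a profile; reading .organization from
  // undefined would throw, so fall back to an empty object.
  const metadata = user.user_metadata || {};
  const claims = {
    email: user.email,
    organizationId: metadata.organization
  };
  const missing = [];
  context.accessToken = context.accessToken || {};
  Object.keys(claims).forEach(function (name) {
    const value = claims[name];
    if (value === undefined || value === null || value === '') {
      missing.push(name); // record it instead of writing an empty claim
    } else {
      context.accessToken[NAMESPACE + name] = value;
    }
  });
  if (missing.length > 0) {
    console.log('add-claims - missing source fields:', missing.join(', '));
  }
  callback(null, user, context);
}

// Hypothetical harness: runs the rule against a profile and returns the
// claims as they look after JSON serialization.
function simulateLogin(user) {
  let result;
  addClaimsRule(user, { accessToken: {} }, function (err, u, ctx) {
    result = JSON.parse(JSON.stringify(ctx.accessToken));
  });
  return result;
}

// Constructed profiles: one without user_metadata, one fully populated.
const incompleteUser = { email: 'user@example.io' };
const completeUser = { email: 'user@example.io', user_metadata: { organization: 'org-1' } };

console.log(simulateLogin(incompleteUser)); // only the email claim
console.log(simulateLogin(completeUser));   // both claims
```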