But the token isn’t a string it is an object. I know this is because things can still be added but I need a way to use it to call the DB to get additional user info for claims. Is there a way to do this without leaving it open?
The context.accessToken is the access token you are returning to the user. When you are in the middle of the rules, the access token is not yet complete (the user is not fully authorized). Consider: the next rule in the chain could fail the login, so the partial access token is not valid. But you are trying to use it anyway, So, you need your own M2M access token instead.
You can cache M2M tokens in the rule, using the rule config.
As this topic is related to Rules - Hooks - Actions and Rules & Hooks are being deprecated soon I’m excited to let you know about our next Ask me Anything session in the Forum on Thursday, January 18 with the Rules, Hooks and Actions team on Rules & Hooks and why Actions matter! Submit your questions in the thread above and our esteemed product experts will provide written answers on January 18. Find out more about Rules & Hooks and why Actions matter! Can’t wait to see you there!