Cant add app_metadata to accessToken

ivelin.kotsev · January 8, 2023, 4:03pm

Hi guys I’ve tried to add app_metadata to accessToken but without any luck.
My app is Blazor(Server&Client)
Things I have tried add successfully app_metadata to IDToken but now in AccessToken
Actions → Flow → Login

exports.onExecutePostLogin = async (event, api) => {
  const namespace = 'IKActionFlows';
  api.accessToken.setCustomClaim(`${namespace}/app_metadata`, event.user.app_metadata);
  api.idToken.setCustomClaim(`${namespace}/app_metadata`, event.user.app_metadata);
};

Auth Pipeline → Rules

function addAppMetadataToAccessToken(user, context, callback) {
  var namespace = 'IKAuthPipeline';
  context.accessToken[namespace + 'app_metadata'] = user.app_metadata;
  return callback(null, user, context);
}

This is my Program.css of Client(BlazorWASM)

builder.Services.AddOidcAuthentication(options =>
{
    builder.Configuration.Bind("Auth0", options.ProviderOptions);
    options.ProviderOptions.ResponseType = "code";

    options.ProviderOptions.AdditionalProviderParameters.Add("audience", builder.Configuration["Auth0:Audience"]);
});

This is my Program.cs for Blazor(Server)


 appBuilder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, c =>
        {
            c.Authority = $"https://{appBuilder.Configuration["Auth0:Domain"]}";
            c.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
            {
                ValidAudience = appBuilder.Configuration["Auth0:Audience"],
                ValidIssuer = $"https://{appBuilder.Configuration["Auth0:Domain"]}"
            };
        });

Can anyone give me any clue what I do wrong ? Thanks

konrad.sopala · January 9, 2023, 9:14am

Hey there!

Thank you for raising this! @andrea.chiarelli as a Blazor expert would you be able to help us on that front? Kudos!

andrea.chiarelli · January 9, 2023, 10:43am

Hey @ivelin.kotsev,
Welcome to the Auth0 Community!

As far as I can see, most likely your problem does not depend on Blazor configuration.
At first glance, I have a couple of concerns:

Why are you using both Actions and Rules to set custom claims to the token(s)?
If you use both, Rules are executed before Actions, but using both in this case looks redundant.
The recommended approach is to use just Actions.
As far as I know, suggested namespaces should follow the URI syntax. Also, namespaced claims are mandatory for access tokens.

Please, try to fix your Action following these guidelines, although I’m not 100% sure that they will fix the issue. Let me know.

ivelin.kotsev · January 9, 2023, 11:06am

Thank you for the cooperation!
I’ve tried both Actions and Rules, because I’ve couldn’t make it work and got desperate

Fixing the Namespace fixed my problem!

Thank you @andrea.chiarelli and @konrad.sopala !

andrea.chiarelli · January 9, 2023, 11:13am

Happy to hear this! Have a great week, @ivelin.kotsev!

system · January 23, 2023, 11:13am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.