Creating a login endpoint for api

Hi all,
I’v been stuck with a process of authenticating a user from a web API. Here is my scenario, I have a web API where i need to get user credentials and authenticate that user against auth0 and send that incoming access token to user for further usage inside the application. But to do that i need to add some custom claims to my access token when i receive that from auth0 side. Such as user roles. So in order to do that i haven’t found a custom way to add claims to the access token directly so i came up with a solution where i have to recreate the JWT token with custom claims that im getting from auth0. For that i need a secrete key i think but im not sure where to find that. Can you provide me a way of finding that ? or point me in a direction where i can do this the proper way.
The we api is a .net web api. And i have configured it according to the sample documentation that has given in auth0 site.
and the endpoint im using to authenticate user is “oauth/token”.

If there is anything there to resolve this issue please let me know. Any help would be grateful.
Thank you.

:wave: @shehan.f we can add claims to the access token using Rules.

An example of a Rule in Auth looks something like the following:

function (user, context, callback) {
  var namespace = '';
  context.accessToken[namespace + 'username'] =;
  context.idToken[namespace + 'favorite_color'] = user.favorite_color;
  callback(null, user, context);

and then your API will verify the scopes present in the access token.

Some relevant documentation that may be helpful for you or others:

This should be a good start. Let me know if this helps and if any other issues come up!

Hi Kim,
I actually came across this. but as far as i found this rule applies from auth0 side yeah? and the values such as user name and favourit color can be found on user meta data ?
But what i want to do is add custom claims from my local database. And right now i kinda found a way by using a custom AuthorizeAttribute.

:wave: @shehan.f I apologize for the delayed follow up, were you able to solve your issue with custom claims? Please let me know if you still require assistance.

Hey @kimcodes, yeah actually as i said i did it using a custom authorize attribute.