Auth0 Home Blog Docs

Creating a login endpoint for asp.net api

jwt
auth0
api

#1

Hi all,
I’v been stuck with a process of authenticating a user from a web API. Here is my scenario, I have a web API where i need to get user credentials and authenticate that user against auth0 and send that incoming access token to user for further usage inside the application. But to do that i need to add some custom claims to my access token when i receive that from auth0 side. Such as user roles. So in order to do that i haven’t found a custom way to add claims to the access token directly so i came up with a solution where i have to recreate the JWT token with custom claims that im getting from auth0. For that i need a secrete key i think but im not sure where to find that. Can you provide me a way of finding that ? or point me in a direction where i can do this the proper way.
The we api is a .net web api. And i have configured it according to the sample documentation that has given in auth0 site.
and the endpoint im using to authenticate user is “oauth/token”.

If there is anything there to resolve this issue please let me know. Any help would be grateful.
Thank you.


#3

:wave: @shehan.f we can add claims to the access token using Rules.

An example of a Rule in Auth looks something like the following:

function (user, context, callback) {
  var namespace = 'https://example.com/';
  context.accessToken[namespace + 'username'] = user.name;
  context.idToken[namespace + 'favorite_color'] = user.favorite_color;
  callback(null, user, context);
}

and then your API will verify the scopes present in the access token.

Some relevant documentation that may be helpful for you or others:

This should be a good start. Let me know if this helps and if any other issues come up!


#4

Hi Kim,
I actually came across this. but as far as i found this rule applies from auth0 side yeah? and the values such as user name and favourit color can be found on user meta data ?
But what i want to do is add custom claims from my local database. And right now i kinda found a way by using a custom AuthorizeAttribute.


#5

:wave: @shehan.f I apologize for the delayed follow up, were you able to solve your issue with custom claims? Please let me know if you still require assistance.


#6

Hey @kim.noel, yeah actually as i said i did it using a custom authorize attribute.