Hi all,
I've been stuck with a process of authenticating a user from a web API. Here is my scenario: I have a web API where I need to get user credentials and authenticate that user against Auth0 and send that incoming access token to the user for further usage inside the application. But to do that I need to add some custom claims to my access token when I receive it from the Auth0 side, such as user roles. I haven't found a custom way to add claims to the access token directly, so I came up with a solution where I have to recreate the JWT token with custom claims that I'm getting from Auth0. For that I need a secret key, I think, but I'm not sure where to find that. Can you provide me a way of finding that, or point me in a direction where I can do this the proper way?
The web API is a .NET Web API, and I have configured it according to the sample documentation given on the Auth0 site.
The endpoint I'm using to authenticate the user is “oauth/token”.
If there is anything there to resolve this issue please let me know. I would be grateful for any help.
Thank you.
@shehan.f we can add claims to the access token using Rules.
An example of a Rule in Auth0 looks something like the following:

    function (user, context, callback) {
      // Custom claims are keyed under a namespace URL.
      var namespace = 'https://example.com/';
      // Claim added to the access token sent to the API.
      context.accessToken[namespace + 'username'] = user.name;
      // Claim added to the ID token.
      context.idToken[namespace + 'favorite_color'] = user.favorite_color;
      callback(null, user, context);
    }

and then your API will verify the scopes present in the access token.
Some relevant documentation that may be helpful for you or others:
This should be a good start. Let me know if this helps and if any other issues come up!
Hi Kim,
I actually came across this, but as far as I found, this rule applies from the Auth0 side, yeah? And the values such as user name and favourite color can be found in the user metadata?
But what I want to do is add custom claims from my local database. And right now I kinda found a way by using a custom AuthorizeAttribute.
@shehan.f I apologize for the delayed follow-up. Were you able to solve your issue with custom claims? Please let me know if you still require assistance.
Hey @kimcodes, yeah, actually as I said, I did it using a custom authorize attribute.
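
The approach the thread ends on, enriching the principal of the already-validated Auth0 token inside the API rather than re-signing the JWT, shown as an added example that is not code from any poster. It assumes ASP.NET Web API 2 (`System.Web.Http`) with JWT bearer validation already configured as in the Auth0 sample; `ILocalRoleStore`, `RoleStore` and `LocalRolesAuthorizeAttribute` are hypothetical names.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Web.Http;
using System.Web.Http.Controllers;

// Hypothetical lookup over the API's own database, keyed by the token subject.
public interface ILocalRoleStore
{
    IEnumerable<string> GetRoles(string auth0UserId);
}

// Usage (assumed): [LocalRolesAuthorize(Roles = "admin")] on a controller or action.
public class LocalRolesAuthorizeAttribute : AuthorizeAttribute
{
    // Hypothetical hook assigned once at startup; attributes cannot take
    // constructor-injected services.
    public static ILocalRoleStore RoleStore { get; set; }

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        // The bearer middleware has already validated signature, issuer,
        // audience and expiry; an unauthenticated identity means it did not.
        var principal = actionContext.RequestContext.Principal as ClaimsPrincipal;
        var identity = principal?.Identity as ClaimsIdentity;
        if (identity == null || !identity.IsAuthenticated) return false;

        // The JWT handler maps "sub" to NameIdentifier by default; accept either.
        var subject = identity.FindFirst(ClaimTypes.NameIdentifier)?.Value
                      ?? identity.FindFirst("sub")?.Value;

        // Fail closed when the subject or the role store is missing.
        if (string.IsNullOrEmpty(subject) || RoleStore == null) return false;

        // Work on a copy so the validated token's claims stay untouched, and
        // add local roles under the identity's own role claim type so that
        // IsInRole and the Roles property of this attribute can see them.
        var enriched = identity.Clone();
        foreach (var role in RoleStore.GetRoles(subject))
        {
            enriched.AddClaim(new Claim(enriched.RoleClaimType, role));
        }

        actionContext.RequestContext.Principal = new ClaimsPrincipal(enriched);

        // The base class applies the Users/Roles checks to the new principal.
        return base.IsAuthorized(actionContext);
    }
}
```

The roles exist only on the server-side principal for the current request; the access token issued by Auth0 is never modified, so no signing key is needed in the API.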