Creating custom actions for different APIs

I created both app and API profiles in Auth0 and have successfully been able to pass needed information along with a bearer token sent to the API by using this code in a custom action:

/**
 * @param {Event} event - Details about the user and the context in which they are logging in.
 * @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
 */
exports.onExecutePostLogin = async (event, api) => {
  const namespace = 'https://api_1';
  if (event.authorization) {
    api.idToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
    api.accessToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
    
    api.idToken.setCustomClaim(`${namespace}/ip`, event.request.ip);
    api.accessToken.setCustomClaim(`${namespace}/ip`, event.request.ip);
  }
}

However, I need to do something similar for another API (let’s call its namespace https://api_2). Do I just copy this custom action and make another one that I add to the login flow below the existing one?

Hi Jon,

In the provided code, the namespace is used as a prefix for custom claim types, and it doesn’t perform any validation. It’s simply a string that acts as a unique identifier for the custom claims being added to the ID and access tokens. You can use a common claim type for all details, such as “Roles.” If you have a scenario where permissions change based on the API, you can use the Permissions feature in Auth0 to assign permissions to users. If you’re adding permissions, make sure to include the “audience” in your authorization parameter to receive the values in the token. Let me know if you have any questions.

Doc - Enable Role-Based Access Control for APIs

Thanks,
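
One way to serve both APIs from a single action, as an added example that is not part of the original posts: it picks the claim namespace from the audience requested at login (`event.resource_server.identifier`) and adds no claims for an unlisted audience. The map, `claimsFor`, `applyClaims` and `mockApi` are hypothetical names, and the API identifiers are assumed to match the thread's placeholder namespaces.

```javascript
// Assumption: each API's identifier (the "audience" sent in the authorization
// request) maps to the claim namespace that API expects. Placeholder values.
const NAMESPACE_BY_AUDIENCE = new Map([
  ['https://api_1', 'https://api_1'],
  ['https://api_2', 'https://api_2'],
]);

// Decide which custom claims this login should carry (no side effects).
function claimsFor(event) {
  const audience = event.resource_server && event.resource_server.identifier;
  const namespace = NAMESPACE_BY_AUDIENCE.get(audience);
  // No authorization context, or an audience we do not know: add nothing,
  // so roles and IP never end up in tokens meant for another API.
  if (!event.authorization || !namespace) return {};
  return {
    [`${namespace}/roles`]: event.authorization.roles,
    [`${namespace}/ip`]: event.request.ip,
  };
}

// Write the selected claims to both tokens, as the original action does.
function applyClaims(event, api) {
  for (const [name, value] of Object.entries(claimsFor(event))) {
    api.idToken.setCustomClaim(name, value);
    api.accessToken.setCustomClaim(name, value);
  }
}

const onExecutePostLogin = async (event, api) => applyClaims(event, api);
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;

// Constructed stand-in for the Actions `api` object, for local checks only.
function mockApi() {
  const record = { idToken: {}, accessToken: {} };
  return {
    record,
    idToken: { setCustomClaim: (k, v) => { record.idToken[k] = v; } },
    accessToken: { setCustomClaim: (k, v) => { record.accessToken[k] = v; } },
  };
}

// Constructed sample login that requests the second API.
const sampleApi = mockApi();
applyClaims({
  authorization: { roles: ['editor'] },
  request: { ip: '203.0.113.7' },
  resource_server: { identifier: 'https://api_2' },
}, sampleApi);
console.log(sampleApi.record.accessToken);
```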
