Custom accessToken claim not being returned to app

adam.barclay · May 25, 2018, 5:01pm

Hey!

I’m trying to pass a custom claim back to my app through a rule but struggling to actually get it to be passed back to the app in the accessToken JWT.

The rule implements a redirect flow, which allows the user to select which tenant to sign in. When the app ‘continues’ it passes a new value back in the JWT, decodes that and adds it to the context.accessToken:

context.accessToken['https://app.timestamp.io/user_id'] = decoded.user_id;

I have added logs and know that this is being set correctly. context.accessToken looks like: { “Timestamp”}

GIven this, the JWT generated by Auth0 DOES NOT contain this extra claim. I just get something like:

{
  "iss": "https://.../",
  "sub": "...",
  "aud": [
    "https://api.timestamp.io",
    "https://.../userinfo"
  ],
  "iat": 1527265982,
  "exp": 1527273182,
  "azp": "...",
  "scope": "openid timestamp:all"
}

I’m really not sure what else to try. I cannot see anything obvious as to why this would not work.

Appreciate any help!

Thanks, Adam

sgmeyer · May 25, 2018, 5:04pm

@adam.barclay given what you’ve showed here it should work. Can you send me the rule you have written that augments the access token? Also, are you saying there is a redirect rule in place? If so does the accessToken get set before or after the redirect takes place?

adam.barclay · June 1, 2018, 2:15pm

@sgmeyer sorry I did not see this reply. I have managed to figure out what is going on. The flow was taken from the redirect example and modified.

My problem was not returning from the verifyToken call, which meant the callback function was being called before the claims had been added. The confusing part was the logs outputting that the context was being correctly modified.

To help others in the future would it be possible to log an error if callback is called twice as it seems there is no situation where that would be desired?

Thank you, Adam