Custom Claim Does Not Show Up in Access Token

mark29 · June 10, 2024, 5:40pm

I’m having issues setting a custom claim on the accessToken in the Flow > Login script. I’m using the auth0 SPA JS SDK GitHub - auth0/auth0-spa-js: Auth0 authentication for Single Page Applications (SPA) with PKCE

Here is how I’m creating the client:

auth0.createAuth0Client({
        domain: ...,
        clientId: ...,
        authorizationParams: {
            redirect_uri: "http://localhost:3000"
        },
        useRefreshTokens: true,
        cacheLocation: 'localstorage'
    })

Here is the Flow > Login script to add a custom claim to the accessToken

exports.onExecutePostLogin = async (event, api) => {
  if (event.authorization) {
    api.accessToken.setCustomClaim('test', "hello");
  }
}

but I do not see the custom claim come through in the accessToken when calling const t = await auth0Client.getTokenSilently(); This returns a JWT with no data payload ...mwzciJ9..H7dP7YQ1...

However it works when setting the custom claim on the idToken when using

exports.onExecutePostLogin = async (event, api) => {
  if (event.authorization) {
    api.idToken.setCustomClaim('test', "hello");
  }
}

Any ideas why the accessToken does not include the custom claim from the Flow > Login script?

ty.frith · June 10, 2024, 5:52pm

Hello @mark29 welcome to the community!

This is due to the lack of an audience param being passed in the authorize request - You can add this param in authorizationOptions. Without it, you’ll get an opaque token returned as you’ve seen.

https://community.auth0.com/t/what-is-the-audience/71414

mark29 · June 10, 2024, 6:18pm

I’ve added the audience to the config but getting this error now

Auth0Client.ts:503 Uncaught (in promise) Error: Service not found: https://nativeframe-prod-usc1b.nativeframe.com
    at ce.handleRedirectCallback (Auth0Client.ts:503:13)
    at auth.js:68:31

Options for reference

auth0.createAuth0Client({
        domain: ...,
        clientId: ...,
        authorizationParams: {
            redirect_uri: "http://localhost:3000",
            audience: "https://nativeframe-prod-usc1b.nativeframe.com"
        },
        useRefreshTokens: true,
        cacheLocation: 'localstorage'
    })

ty.frith · June 10, 2024, 6:23pm

Do you have https://nativeframe-prod-usc1b.nativeframe.com as a registered API in your dashboard?

mark29 · June 10, 2024, 6:35pm

Ah no, that’s what it was. Thank you!

ty.frith · June 10, 2024, 6:37pm

Awesome, thanks for confirming!

system · June 24, 2024, 6:37pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to add custom claim to access token Get Help management-api , actions-management-api	2	353	November 11, 2024
Unable to add custom claim to access token using custom action Get Help management-api , grants	8	3429	January 1, 2023
Unable to add custom claim to access token Get Help rules	8	5200	May 6, 2021
Custom claim not showing in JWT access token Get Help management-api , grants	5	107	June 25, 2025
Issue with custom claims Get Help identifier-first , login-experience	3	437	November 29, 2023

Custom Claim Does Not Show Up in Access Token

Related topics