Custom Claim Does Not Show Up in Access Token

mark29 · June 10, 2024, 5:40pm

I’m having issues setting a custom claim on the accessToken in the Flow > Login script. I’m using the auth0 SPA JS SDK GitHub - auth0/auth0-spa-js: Auth0 authentication for Single Page Applications (SPA) with PKCE

Here is how I’m creating the client:

auth0.createAuth0Client({
        domain: ...,
        clientId: ...,
        authorizationParams: {
            redirect_uri: "http://localhost:3000"
        },
        useRefreshTokens: true,
        cacheLocation: 'localstorage'
    })

Here is the Flow > Login script to add a custom claim to the accessToken

exports.onExecutePostLogin = async (event, api) => {
  if (event.authorization) {
    api.accessToken.setCustomClaim('test', "hello");
  }
}

but I do not see the custom claim come through in the accessToken when calling const t = await auth0Client.getTokenSilently(); This returns a JWT with no data payload ...mwzciJ9..H7dP7YQ1...

However it works when setting the custom claim on the idToken when using

exports.onExecutePostLogin = async (event, api) => {
  if (event.authorization) {
    api.idToken.setCustomClaim('test', "hello");
  }
}

Any ideas why the accessToken does not include the custom claim from the Flow > Login script?

tyf · June 10, 2024, 5:52pm

Hello @mark29 welcome to the community!

This is due to the lack of an audience param being passed in the authorize request - You can add this param in authorizationOptions. Without it, you’ll get an opaque token returned as you’ve seen.

mark29 · June 10, 2024, 6:18pm

I’ve added the audience to the config but getting this error now

Auth0Client.ts:503 Uncaught (in promise) Error: Service not found: https://nativeframe-prod-usc1b.nativeframe.com
    at ce.handleRedirectCallback (Auth0Client.ts:503:13)
    at auth.js:68:31

Options for reference

auth0.createAuth0Client({
        domain: ...,
        clientId: ...,
        authorizationParams: {
            redirect_uri: "http://localhost:3000",
            audience: "https://nativeframe-prod-usc1b.nativeframe.com"
        },
        useRefreshTokens: true,
        cacheLocation: 'localstorage'
    })

tyf · June 10, 2024, 6:23pm

Do you have https://nativeframe-prod-usc1b.nativeframe.com as a registered API in your dashboard?

mark29 · June 10, 2024, 6:35pm

Ah no, that’s what it was. Thank you!

tyf · June 10, 2024, 6:37pm

Awesome, thanks for confirming!

system · June 24, 2024, 6:37pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Adding Custom Claims After Login with Custom Triggers Help apis , application	2	235	June 14, 2024
How can I get my custom scopes in the access token? Help login-experience , free-trial	2	24	October 7, 2024
Custom claims missing from tokens Help custom-claims	5	3698	May 25, 2022
Assistance with Customizing Access Tokens and API Authorization using Auth0 Help configuration , application	0	101	June 25, 2024
Custom Claims working with idToken in Rules, but not in Actions Help login-experience , new-universal-login-experience	3	17	September 13, 2024

Custom Claim Does Not Show Up in Access Token

Related Topics