Custom Claim Does Not Show Up in Access Token

I’m having issues setting a custom claim on the accessToken in the Flow > Login script. I’m using the auth0 SPA JS SDK GitHub - auth0/auth0-spa-js: Auth0 authentication for Single Page Applications (SPA) with PKCE

Here is how I’m creating the client:

auth0.createAuth0Client({
        domain: ...,
        clientId: ...,
        authorizationParams: {
            redirect_uri: "http://localhost:3000"
        },
        useRefreshTokens: true,
        cacheLocation: 'localstorage'
    })

Here is the Flow > Login script to add a custom claim to the accessToken

exports.onExecutePostLogin = async (event, api) => {
  if (event.authorization) {
    api.accessToken.setCustomClaim('test', "hello");
  }
}

but I do not see the custom claim come through in the accessToken when calling const t = await auth0Client.getTokenSilently(); This returns a JWT with no data payload ...mwzciJ9..H7dP7YQ1...

However it works when setting the custom claim on the idToken when using

exports.onExecutePostLogin = async (event, api) => {
  if (event.authorization) {
    api.idToken.setCustomClaim('test', "hello");
  }
}

Any ideas why the accessToken does not include the custom claim from the Flow > Login script?

Hello @mark29 welcome to the community!

This is due to the lack of an audience param being passed in the authorize request - You can add this param in authorizationOptions. Without it, you’ll get an opaque token returned as you’ve seen.

I’ve added the audience to the config but getting this error now

Auth0Client.ts:503 Uncaught (in promise) Error: Service not found: https://nativeframe-prod-usc1b.nativeframe.com
    at ce.handleRedirectCallback (Auth0Client.ts:503:13)
    at auth.js:68:31

Options for reference

auth0.createAuth0Client({
        domain: ...,
        clientId: ...,
        authorizationParams: {
            redirect_uri: "http://localhost:3000",
            audience: "https://nativeframe-prod-usc1b.nativeframe.com"
        },
        useRefreshTokens: true,
        cacheLocation: 'localstorage'
    })
1 Like

Do you have https://nativeframe-prod-usc1b.nativeframe.com as a registered API in your dashboard?

Ah no, that’s what it was. Thank you!

1 Like

Awesome, thanks for confirming!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.