Custom Claims in the Access Token

We’re using auth0-spa-js in an angular application and I want to add some custom claims to the token and the value of that custom claim will change with every new token fetch but the key of the custom claim will remain the same.
I want to use that custom claim value on my api side to perform authorization. So basically I want to generate a token for just one resource in my api and if someone tries to use that token for some other resource, I want to restrict that call.
For Example, let’s say I generate a token with custom claim as “orderId”: “123” so I want the user to use that token for just the below url:

https://example.com/v1/orders/123

If the user tries to use that token for https://example.com/v1/orders/456, I want to check the claim in the API authorization and deny the request with Forbidden error.

Can someone please help me on how to do this with auth0-spa-js for Angular?

Hey @knakra92, Welcome them to Auth0 community!

We have documentation to add the custom claims:

Is this what you are looking for?

Regards,
Sid

1 Like

Thank You @sidharth.chaudhary for quick response. I think the authorization that I’m trying to perform is not supported in the Custom Claims and Scopes.

1 Like

If it’s not supported what I would recommend is to go to our product feedback form and file in a feature request for that:

1 Like