We’re using auth0-spa-js in an angular application and I want to add some custom claims to the token and the value of that custom claim will change with every new token fetch but the key of the custom claim will remain the same.
I want to use that custom claim value on my api side to perform authorization. So basically I want to generate a token for just one resource in my api and if someone tries to use that token for some other resource, I want to restrict that call.
For Example, let’s say I generate a token with custom claim as “orderId”: “123” so I want the user to use that token for just the below url:
https://example.com/v1/orders/123
If the user tries to use that token for https://example.com/v1/orders/456, I want to check the claim in the API authorization and deny the request with Forbidden error.
Can someone please help me on how to do this with auth0-spa-js for Angular?