Auth0 Home Blog Docs

Custom Claims in Token

auth0

#1

Hello, When a Jwt token is generated I would like to include some custom user claims that only exist in my user database. Is this possible or do all claims need to exist as pre-defined attributes in Auth0.

I have my own user database because there are some dynamic and complicated user permissions that I need to store there. I realize that one option is not to store these permissions in the token and I could have a separate api to get them but for performance and simplicity I’d rather wrap them into the Jwt token. I can’t seem to see a way to do this.

Thanks in advance


#2

You can do that using a rule. More on this here: https://auth0.com/docs/api-auth/tutorials/adoption/scope-custom-claims#custom-claims


#3

Thanks for the reply. Are you suggesting that the rule could call a rest api in my application to get the custom data. If that’s possible I’m not sure how I would secure that api call. Do you have an example anywhere? Thanks again


#4

Yes, you can do that in a rule. How you’ll secure that call it’s up to you. Use a secret token/use the current transaction state etc.