Custom Claims in Token

neil2 · June 4, 2018, 7:31pm

Hello, When a Jwt token is generated I would like to include some custom user claims that only exist in my user database. Is this possible or do all claims need to exist as pre-defined attributes in Auth0.

I have my own user database because there are some dynamic and complicated user permissions that I need to store there. I realize that one option is not to store these permissions in the token and I could have a separate api to get them but for performance and simplicity I’d rather wrap them into the Jwt token. I can’t seem to see a way to do this.

Thanks in advance

luis.rudge · June 5, 2018, 12:42am

You can do that using a rule. More on this here: OpenID Connect Scopes

neil2 · June 5, 2018, 7:01am

Thanks for the reply. Are you suggesting that the rule could call a rest api in my application to get the custom data. If that’s possible I’m not sure how I would secure that api call. Do you have an example anywhere? Thanks again

luis.rudge · June 6, 2018, 5:17pm

Yes, you can do that in a rule. How you’ll secure that call it’s up to you. Use a secret token/use the current transaction state etc.