@ricardo.batista: I see that you’re using an auth0.com domain as the namespace for your custom claims. As stated in the documentation: auth0.com, webtask.io and webtask.run are Auth0 domains and therefore cannot be used as a namespace identifier.
Thank you. I changed my namespace to https://eplsms.stratelogics.com and, still, the data I am looking for is not included in the access token. Here’s the rule:
Did you ever find a solution to this? I’m experiencing the same issue with my app, even though I followed the guide (SPA + API) to the letter. I’ve been struggling with this for the last day with no idea how to proceed. I’m using the live logging with logging statements in my rules and see that the custom claim has been added to the context.accessToken, but when I inspect the token it is missing the claims.
I’m peforming a POST request to /oauth/token via Postman with the following params:
grant_type:client_credentials
client_id: {client_id}
client_secret: {client_secret}
audience: {api_audience} // get this on API > Settings > Identifier
Then I get the access_token and when I inspect using jwt.io I only see the following info:
I have exactly this issue, my namespace is good, the rule is almost identical to yours, but nothing gets added to the access token. Did you manage to find a solution to this?
I’m also having an issue as I’m not able to add the custom claims to the access token. It would be interesting to hear if anyone has a solution to adding rules with custom claims to the /token endpoint with an example. I’m facing the same problem.
Hey, setting either the scope or a set of custom claims does not work for access tokens. I think I tried every single approach including the two from the rules samples:
I tested it both through the “try it” rule button, where the access token is augmented and when logging in and deciphering JWT.
@ricardo.batista could you take a look at it? I’m pinging you as you’re the Auth0 employee in this thread and maybe you have some way for testing it internally.
Recently we have some community developers reporting problems with running their rules. I’m not into the progress of things in that thread but you can find that one helpful:
I’m having the same problem with context.accessToken, though does work with context.idToken. But just to double-check (and to help anyone searching at home) you need to include your custom claim URLs in your scope. For instance, if your rule is:
For anyone else who ends up here - it appears that Rules are not run for Client Credentials Flow (used by M2M applications hitting the /oauth/token endpoint). According to an Auth0 support personnel:
Actually Client Credentials grant requests do not trigger Auth0 Rules pipeline because they are not considered user logins. They should be used only for Machine-to-Machine API calls.
You would need to add the claim ( https://carolpettirossi.com/email ) to your scope:
That’s not correct, it’s not required to add the scope in the request. With just the rule provided above, the custom claim will always be added, regardless of requested scopes.