I’m trying to get custom claims to show up in my application and I’m having an issue. I’ve read through several other topics from people having the same issue, but nothing I’ve tried so far has worked.
Below I’ve replaced my app URL with app.mysite.com.
Here is my post-login action:
```js
exports.onExecutePostLogin = async (event, api) => {
  api.idToken.setCustomClaim('https://app.mysite.com/test', 'hello-test');
  api.accessToken.setCustomClaim('https://app.mysite.com/access-test', 'hello-access-token-test');
  if (event.authorization) {
    api.idToken.setCustomClaim('https://app.mysite.com/roles', event.authorization.roles);
  }
};
```
and here is my `auth0.ts` library setup:
```ts
import { Auth0Client } from "@auth0/nextjs-auth0/server";

// Initialize the Auth0 client
export const auth0 = new Auth0Client({
  // Options are loaded from environment variables by default
  // Ensure necessary environment variables are properly set
  // domain: process.env.AUTH0_DOMAIN,
  // clientId: process.env.AUTH0_CLIENT_ID,
  // clientSecret: process.env.AUTH0_CLIENT_SECRET,
  // appBaseUrl: process.env.APP_BASE_URL,
  // secret: process.env.AUTH0_SECRET,
  authorizationParameters: {
    // In v4, the AUTH0_SCOPE and AUTH0_AUDIENCE environment variables for API authorized applications are no longer automatically picked up by the SDK.
    // Instead, we need to provide the values explicitly.
    scope: process.env.AUTH0_SCOPE,
    audience: process.env.AUTH0_AUDIENCE,
  }
});
```
and environment variables with the sensitive information redacted:
```
AUTH0_SECRET='SECRET'
APP_BASE_URL='http://localhost:3000'
AUTH0_DOMAIN='https://mysite.us.auth0.com'
AUTH0_CLIENT_ID='CLIENT_ID'
AUTH0_CLIENT_SECRET='CLIENT_SECRET'
AUTH0_AUDIENCE='https://mysite.us.auth0.com/api/v2/'
AUTH0_SCOPE='openid profile'
```
Here is my NextJS Auth0 setup where I’m trying to read it:
```ts
export async function middleware(request: NextRequest) {
  const auth0Response: NextResponse = await auth0.middleware(request);
  const session = await auth0.getSession(request);
  console.log("Session:", session);
  // Session doesn't include the above claims
  ...
```
For good measure, I also checked in a server-side component to see if it showed up there, but it didn’t:
```tsx
import React from 'react';
import { auth0 } from '../lib/auth0';

export default async function Page() {
  const session = await auth0.getSession();
  console.log("Session in LawFirmsListPage:", session);
  ....
```
I’ve confirmed:
- The action is deployed
- The action is in the `post-login` trigger and it is saved
- I’ve tried logging out and logging back in again before checking the claims
- I’ve also tried going incognito and had the same issue
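
A diagnostic for the symptom described in this post, as an added example that is not part of the original post or Auth0's code: it decodes the raw ID token payload and compares its namespaced claims with the keys the session object exposes, which separates "the Action never issued the claim" from "the claim was dropped before it reached the session". The function names, the sample token and the `admin` role value are constructed for illustration, and how the raw ID token is captured is left open.

```javascript
// Added diagnostic example (not from the original post).
// Decodes a JWT payload WITHOUT verifying the signature: debugging only,
// never base an authorization decision on the result.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS (expected 3 segments)");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Namespaced custom claims are the keys that start with the namespace URL.
function namespacedClaims(claims, namespace) {
  const prefix = namespace.endsWith("/") ? namespace : namespace + "/";
  return Object.keys(claims || {}).filter((k) => k.startsWith(prefix)).sort();
}

// Compare what the token carries with what the session's user object exposes.
function diagnoseClaims(idToken, sessionUser, namespace) {
  const inToken = namespacedClaims(decodeJwtPayload(idToken), namespace);
  const inSession = namespacedClaims(sessionUser, namespace);
  const missing = inToken.filter((k) => !inSession.includes(k));
  let verdict;
  if (inToken.length === 0) verdict = "claims-not-issued"; // check the Action / tenant side
  else if (missing.length > 0) verdict = "claims-dropped-before-session"; // check the app side
  else verdict = "claims-present";
  return { inToken, inSession, missing, verdict };
}

// Constructed sample token: placeholder signature, usable only with this decoder.
function makeSampleToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(payload)}.constructed-signature`;
}

// Constructed data mirroring the claims set in the post-login Action above.
const sampleToken = makeSampleToken({
  sub: "auth0|constructed-user",
  name: "Constructed User",
  "https://app.mysite.com/test": "hello-test",
  "https://app.mysite.com/roles": ["admin"],
});
const sampleSessionUser = { sub: "auth0|constructed-user", name: "Constructed User" };

console.log(diagnoseClaims(sampleToken, sampleSessionUser, "https://app.mysite.com"));
```
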