Custom Login from main Process in Electron App

I have previously asked about this here:

I am trying to authenticate a user and obtain their app_metadata from the main process of an electron app. Using webAuth.client.login() works fine, however, calling webAuth.client.userInfo() afterwards does not include the user’s app_metadata.

Unfortunately, webAuth.client.login() also does not include the userId, which prevents me from using the management api to fetch the user_profile instead.

Is there a simple guide on how to authenticate a user using the authentication api without any redirects or popups? I know about the pkce demos (GitHub - darkyen/pkce-demos: A bunch of PKCE demos, using Auth0.js to extend the 🔐 to multiple providers!) but am having trouble implementing them without forcing the user to leave the electron app and logging in inside his browser.

(EDIT: Also see

The webAuth.client.login() uses the the /oauth/token endpoint which is part of the features available under the scope of API Authorization and OIDC conformance. The side effect of this is that non-standard/custom claims like app_metadata are not automatically included or mapped to the issued ID token.

You have to include custom claims explicitly through the means of a rule (read more about this at OIDC - User Profile Claims).

Using a rule you can add this information to the token (take in consideration that the claim type/name has to use a namespace so there’s not possibility to conflict with future OIDC claims):

function (user, context, callback) {
  if (context.idToken) {
    context.idToken""] = user.app_metadata;

  callback(null, user, context);

Also note that the user_id is already included in the ID token by default; it just uses the OIDC claim type of sub, which refers to the subject claim that represents the user identifier at the associated OIDC issuer (which is the Auth0 user_id).