Custom rule to add user.app_metadata to accessToken does not trigger

glennydc · February 19, 2020, 4:27pm

Greetings,

I set up a custom rule to add user.app_metadata to the accessToken, which I retrieve when logging in.
I did not set any other configuration as I assume that rules work on every request when they are enabled.

I use the auth0-js client library and can successful login and retrieve a accessToken.

This is my rule:

function (user, context, callback) {
 const namespace = "https://my_namespace/"; // my_namespace is a placeholder...

  context.accessToken[namespace + "app_metadata"] = user.app_metadata;

  callback(null, user, context);
}

This is my client setup:

const auth0Client = new auth0.WebAuth({
    domain: config.AUTH0_DOMAIN,
    audience: "https://${config.AUTH0_DOMAIN}/userinfo",
    clientID: config.AUTH0_CLIENT_ID,
    redirectUri: config.AUTH0_REDIRECT_URL,
    responseType: "id_token",
    scope: "openid profile email",
});
auth0Client.authorize();

markd · February 19, 2020, 4:34pm

Hi @glennydc,

Are you sure you are getting an access token and not an ID token? I believe you need to specify token in your response type if you want an access token.

Otherwise, your rule looks fine to me. This is my template rule for that use case:

github.com

dmark/auth0-cli-utilities/blob/master/rules/add-user-metadata-to-idtoken.js

function (user, context, callback) {
  var namespace = "https://sr2.ca/claims/";
  user.user_metadata = user.user_metadata || {};
  context.idToken[namespace + "user_metadata"] = user.user_metadata; 
  callback(null, user, context);
}

jeremy.qtweb · April 2, 2023, 3:02am

Soooo it’s 2023 and this month I loaded up my project which uses exactly that template you shared @markd except my metadata is now missing!?

I literally ran this same project about three weeks ago and it was fine.

Has some breaking change come through and done the nasty?

jeremy.qtweb · April 2, 2023, 3:08am

Interesting… my namespace had /custom at the end. I removed it to see what would happen and now the metadata is back.

I’ve made no other changes. Weird.

jeremy.qtweb · April 2, 2023, 3:25am

So I changed the namespace (removing “/custom” off the end) and my frontend code to suit, and it worked again.

Then I changed both back to the original namespace I had and it’s still working, just like it used to.

Did the rule just stop getting processed or something, until I started making changes and then it kicked in again?

Little concerning

konrad.sopala · January 8, 2024, 8:40am

Hey there!

As this topic is related to Rules - Hooks - Actions and Rules & Hooks are being deprecated soon I’m excited to let you know about our next Ask me Anything session in the Forum on Thursday, January 18 with the Rules, Hooks and Actions team on Rules & Hooks and why Actions matter! Submit your questions in the thread above and our esteemed product experts will provide written answers on January 18. Find out more about Rules & Hooks and why Actions matter! Can’t wait to see you there!

Learn more here!

Topic		Replies	Views
Add Custom Claims to User Profile (User / App Metadata) Help jwt , auth0 , rules	4	4580	March 31, 2020
Adding metadata to jwt token Help jwt , rules , user-metadata	4	19496	September 30, 2020
Custom claims not added to access_token despite Rule Help rules , access_token , custom-claims	21	23769	March 17, 2020
How to add user meta data and app meta data in access token? Help auth0 , api , rules	2	6737	March 28, 2022
Enable user_metadata and app_metadata on JWT token JWT.io app_metadata , user_metadata	6	13146	August 19, 2019

Custom rule to add user.app_metadata to accessToken does not trigger

Related Topics