Expose the app_metadata in custom Login flow action

Problem statement

We want to expose the app_metadata in the token returned by the API.
The app_metatdata is like this:

"first_name": "xxx",
"last_name": "yyy",
"calendar_url": "zzz"

I want the calendar_url to be exposed in the user token.

I have an action that exposes the roles like the one below and would like to know how to add the app_metadata.

exports.onExecutePostLogin = async (event, api) => {
if (event.authorization) {
api.idToken.setCustomClaim(`user_roles`, event.authorization.roles);


You can use a Post Login Action similar to what you have, something like the below should work:

exports.onExecutePostLogin = async (event, api) => {
  const namespace = 'https://myapp.example.com';

  if (event.authorization) {
  // Set claims
    api.idToken.setCustomClaim(`${namespace}/calendar_url`, event.user.app_metadata.calendar_url);

There’s an example of how you might extract user information from metadata

See here for information on custom claims, the best practice is to use name-spaced claims to avoid name collisions now and in the future. However, this is no longer necessary providing you follow these guidelines