Get user's organization id

When a user authenticates I need their organization id to be included in the jwt token. Does anyone know how to activate that?
I have tried adding the metadata at the organization level and that does not automatically add it to the user’s jwt.
Adding metadata for every user would not be practical.
Does anyone else have an idea or know how to get the organization id into the user’s jwt after auth?

Hi @cgifford,

Welcome to the Community!

When you make the /authorize request in your app, you can pass the organization query string parameter to include the org_id claim in the ID Token:

loginWithRedirect({organization: 'org_abc123'})

Here is additional info about working with tokens and organizations:

1 Like

Hi @cgifford - if an end-user is authenticating in the context of an organization, the org_id will be present in both the user’s Access and ID tokens.

1 Like

Thanks.
I’ll try that approach.
I was hoping that the user could log in without specifying which organization he/she is a part of and since I have put the users in their respective organizations their organization would be returned.
Perhaps, the issue is that a user could be part of multiple orgs?
Not seeing that in the response token but I also may not be seeing it because I don’t have an enterprise subscription. I have a call with sales to figure that out tomorrow.

3 Likes

This new feature is exactly what I’ve been looking for.
I basically want to put users in groups but all under one domain.
Unfortunately, with only a dev license subscription that may be my problem.
I think it would be even more amazing if it could return the org_id simply from the user logging in without even specifying.
But, I could see if the user was a member of multiple orgs that is not as simple as it would be an array instead of a string, perhaps?

1 Like

Hi @cgifford - glad to hear that.

Re: dev license, thanks for that feedback.

A user must log in in the context of an organization in order for org claims to be present in their ID and Access Token. A given user could be a member of a large number of organizations, depending on the use-case that you are supporting. Can you describe what you’re looking to do with organizations, or what use-case you are looking to support?

Thanks,

Adam

2 Likes
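
An added example, not part of any post in this thread: one way an API can check the org_id claim discussed above before using it to scope data, including the case where the user logged in without an organization and the claim is absent. The function names, the second and fourth organization ids and the invoice records are hypothetical, and the token is assumed to have been verified already.

```javascript
// Added example (not from the thread). Assumes `claims` is the payload of a
// token whose signature, issuer, audience and expiry a JWT library already verified.
function checkOrgClaim(claims, allowedOrgIds) {
  const orgId = claims ? claims.org_id : undefined;
  // No org_id: the user did not log in in the context of an organization.
  if (orgId === undefined || orgId === null) {
    return { ok: false, reason: 'missing_org_id' };
  }
  // Expect exactly one organization id as a string; never coerce arrays or objects.
  if (typeof orgId !== 'string' || orgId.length === 0) {
    return { ok: false, reason: 'malformed_org_id' };
  }
  // Exact match against the organizations this API serves.
  if (!allowedOrgIds.includes(orgId)) {
    return { ok: false, reason: 'unexpected_org_id' };
  }
  return { ok: true, orgId: orgId };
}

// Scope data access to the organization named in the token, not to an
// organization id taken from the request body or query string.
function listInvoicesForCaller(claims, allowedOrgIds, invoices) {
  const result = checkOrgClaim(claims, allowedOrgIds);
  if (!result.ok) {
    throw new Error('forbidden: ' + result.reason);
  }
  return invoices.filter((inv) => inv.orgId === result.orgId);
}

// Constructed sample data: hypothetical org ids and records.
const ALLOWED_ORGS = ['org_abc123', 'org_def456'];
const INVOICES = [
  { id: 1, orgId: 'org_abc123' },
  { id: 2, orgId: 'org_def456' },
  { id: 3, orgId: 'org_abc123' },
];
const SAMPLE_CLAIMS = [
  { sub: 'auth0|u1', org_id: 'org_abc123' },   // logged in with an organization
  { sub: 'auth0|u2' },                          // logged in without one
  { sub: 'auth0|u3', org_id: ['org_abc123'] },  // wrong type
  { sub: 'auth0|u4', org_id: 'org_zzz999' },    // organization this API does not serve
];
for (const claims of SAMPLE_CLAIMS) {
  console.log(claims.sub, JSON.stringify(checkOrgClaim(claims, ALLOWED_ORGS)));
}
```
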

On my project I inject custom info about the user stored in user_metadata or app_metadata into the JWT using a rule like this:

function (user, context, callback) {
  //const userAppsRoles = (context.authorization || {}).roles;
  //const connectionID = (context || {}).connectionID;
  // app_metadata: customer id, defaulting to null when it is not set
  const userAppMetadata = user.app_metadata = user.app_metadata || {};
  const userCustomerId = userAppMetadata.cid = userAppMetadata.cid || null;
  // user_metadata: preferred language, defaulting to null when it is not set
  const userUserMetadata = user.user_metadata = user.user_metadata || {};
  const userLanguage = userUserMetadata.language = userUserMetadata.language || null;

  let idTokenClaims = context.idToken || {};
  let accessTokenClaims = context.accessToken || {};

  // Add the values as custom claims, prefixed with the configured namespace
  idTokenClaims[configuration.NAMESPACE + 'cid'] = userCustomerId;
  accessTokenClaims[configuration.NAMESPACE + 'cid'] = userCustomerId;
  idTokenClaims[configuration.NAMESPACE + 'language'] = userLanguage;
  accessTokenClaims[configuration.NAMESPACE + 'language'] = userLanguage;

  context.idToken = idTokenClaims;
  context.accessToken = accessTokenClaims;

  callback(null, user, context);
}