Groups claim using authorization extension

Problem statement

I need to pass a “groups” claim in tokens when using the Authorization Extension.

Cause

  • The groups claim is restricted, and the Authorization Extension no longer adds data directly to tokens.
  • See this related Community Post

Solution

“groups” is a restricted claim name, so any attempt to add this claim to the tokens will be ignored. See our Create Custom Claims documentation.

Historically, the Authorization Extension could add claims directly to tokens, but this is no longer the case, and we recommend using the Authorization Core feature where possible instead of the extension.

In summary, an Action should be used to add the namespaced groups claim to the tokens. For example, you could append the claim based on the user’s app_metadata.
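A post-login Action along these lines adds a namespaced groups claim from app_metadata. This is an added example, not code from the original article; the namespace URL, the `app_metadata.groups` location, the `groupsFromMetadata` helper and the 50-group limit are assumptions to adapt to your tenant.

```javascript
// Added example: Auth0 post-login Action (Login flow).
// Assumptions: the NAMESPACE value and that groups are stored as an
// array of strings under app_metadata.groups.
const NAMESPACE = "https://example.com"; // placeholder; use a URL you control
const MAX_GROUPS = 50; // constructed limit to keep token size bounded

// Return a trimmed, de-duplicated list of group names, or [] when the
// metadata is missing or malformed.
function groupsFromMetadata(appMetadata) {
  const raw = appMetadata && appMetadata.groups;
  if (!Array.isArray(raw)) return [];
  const seen = new Set();
  for (const g of raw) {
    if (typeof g !== "string") continue; // skip non-string entries
    const name = g.trim();
    if (name) seen.add(name);
  }
  return [...seen].slice(0, MAX_GROUPS);
}

const onExecutePostLogin = async (event, api) => {
  // Read from app_metadata rather than user_metadata: authorization data
  // should not come from a field the user can edit.
  const groups = groupsFromMetadata(event.user.app_metadata);
  if (groups.length === 0) return; // emit no claim rather than an empty one

  // A bare "groups" claim is restricted and would be ignored, so the
  // claim name carries a namespace prefix.
  const claim = `${NAMESPACE}/groups`;
  api.idToken.setCustomClaim(claim, groups);
  api.accessToken.setCustomClaim(claim, groups);
};

// Auth0 loads the handler from exports; the guard lets the file also
// load outside CommonJS.
if (typeof exports !== "undefined") exports.onExecutePostLogin = onExecutePostLogin;
```

Consumers of the token must read the namespaced claim name (here `https://example.com/groups`), not `groups`.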