Auth0 Home Blog Docs

Groups in id_token

I’ve looked at a lot of the old threads but I cannot seem to find a simple solution. The platform that requires the id_token looks for an element in the JWT named “groups”.

By using the Authorization extension and a rule to grab the groups I can get the id_token to look like this:

{
http://yourdomain/claims/groups”: [
“fm_group_1”
],
“email”: "wim@connectingdata.com",
“email_verified”: true,
“iss”: “https://dev.auth0.com/”,
“sub”: “auth0|something”,
“aud”: “something”,
“iat”: 1568227905,
“exp”: 1568263905,
“c_hash”: “I_iHUdwzP9883GFGGDdYzQ”,
“nonce”: “f8jaskrkn97”
}

What I need however is to just have a “groups” element without the namespacing.
I tried to update the rule to omit the namespace or set it to blank but then I don’t get any group info returned.

What am I missing? Seems like many questions in this forum almost touch on it but don’t really explain how to get there.

Hi @wdecorte,

Welcome to the Auth0 Community Forum!

Namespacing is enforced, and non-conformant claims such as groups will be omitted by default, this is why you are not seeing what you are requesting.

Take a look at this doc that addresses the issue and touches on claims that do not conform to the namespacing rules Auth0 has set.

Hope this helps!

Thanks,
Dan

Thanks for the confirmation. That rules out Auth0 for now in this particular deployment.