How can I get my custom scopes in the access token?

maxime.fleury · October 7, 2024, 3:14pm

Hi Community,

I tried to have some custom scopes in my access token. For this, i have:

For my Auth0 API, I turned on the Enable RBAC feature.
Then Added my custom scope to my API (say: view:balance)
On my SPA app, I make sure ask for my custom scope when i call authorize (using angular auth0 SDK).

I can see in browser console requesting all scopes I need, however my custom scopes are not included in my access token.

Maybe I am missing a step somewhere?

Thank you!

petre.timotei · October 7, 2024, 3:39pm

Hi @maxime.fleury,

Welcome to the Auth0 Community!

Custom claims can be added to an Access/ID Token in a namespace format by utilizing a Post Login Action. For example:

exports.onExecutePostLogin = async (event, api) => {

 const namespace = 'https://myapp.example.com';
 const { favorite_color, preferred_contact } = event.user.user_metadata;

 if (event.authorization) {
  // Set claims in ID token
  api.idToken.setCustomClaim(`${namespace}/favorite_color`, favorite_color);
  api.idToken.setCustomClaim(`${namespace}/preferred_contact`, preferred_contact);

  // Set claims in access token
  api.accessToken.setCustomClaim(`${namespace}/favorite_color`, favorite_color);
  api.accessToken.setCustomClaim(`${namespace}/preferred_contact`, preferred_contact);
 }
};

Also please check these articles:

Related FAQs:

How to add Roles and Permissions to the ID Token using Actions?

Thanks,
Timotei

maxime.fleury · October 7, 2024, 5:23pm

I think I understand, correct me if I am wrong.

Every time I add a new scope for my API, I would need:

to assign it to my users first
then the user log in to my app
the app prompts the consent popup from auth0
User accepts/grants application to use the new scope
then auth0 add the scope to the access_token.

I found one way to assign a new api scope to an user, by going to:

User management → users
Select an user
Permission
Click assign permission
Select permissions from existing APIs
Select permissions (which are scopes) available
Click add permissions

this method is very manual!

Is yours would achieve the same thing automatically?

thanks for your help

Topic		Replies	Views
Angular Access Token Custom Claims Help jwt , auth0 , login , custom-claims	4	2484	October 13, 2022
Custom Claims in the Access Token Help	3	3658	October 22, 2020
Access token contains custom claims using Rules, but not Actions Help rules	5	3946	July 14, 2022
Adding custom claims to tokens Knowledge Articles id_token , access-token , custom-claims , actions	1	7068	June 3, 2022
Custom claim in access token Help jwt , auth0 , rules	4	3294	August 14, 2022

How can I get my custom scopes in the access token?

Related Topics