How can I get my custom scopes in the access token?

Hi Community,

I tried to have some custom scopes in my access token. For this, i have:

1. For my Auth0 API, I turned on the Enable RBAC feature.
2. Then Added my custom scope to my API (say: view:balance)
3. On my SPA app, I make sure ask for my custom scope when i call authorize (using angular auth0 SDK).

I can see in browser console requesting all scopes I need, however my custom scopes are not included in my access token.

Maybe I am missing a step somewhere?

Thank you!

Hi @maxime.fleury,

Welcome to the Auth0 Community!

Custom claims can be added to an Access/ID Token in a namespace format by utilizing a Post Login Action. For example:

exports.onExecutePostLogin = async (event, api) => {

 const namespace = 'https://myapp.example.com';
 const { favorite_color, preferred_contact } = event.user.user_metadata;

 if (event.authorization) {
  // Set claims in ID token
  api.idToken.setCustomClaim(`${namespace}/favorite_color`, favorite_color);
  api.idToken.setCustomClaim(`${namespace}/preferred_contact`, preferred_contact);

  // Set claims in access token
  api.accessToken.setCustomClaim(`${namespace}/favorite_color`, favorite_color);
  api.accessToken.setCustomClaim(`${namespace}/preferred_contact`, preferred_contact);
 }
};

Also please check these articles:

• Adding Custom Claims to ID Tokens with Auth0 Actions
• Login Flow
• Create Custom Claims
• Sample Use Cases: Scopes and Claims

Related FAQs:

• How to add Roles and Permissions to the ID Token using Actions?
  
  

Thanks,
Timotei

I think I understand, correct me if I am wrong.

Every time I add a new scope for my API, I would need:

• to assign it to my users first
• then the user log in to my app
• the app prompts the consent popup from auth0
• User accepts/grants application to use the new scope
• then auth0 add the scope to the access_token.

I found one way to assign a new api scope to an user, by going to:

• User management → users
• Select an user
• Permission
• Click assign permission
• Select permissions from existing APIs
• Select permissions (which are scopes) available
• Click add permissions

this method is very manual!

Is yours would achieve the same thing automatically?

thanks for your help