How do I Add Identity Claims to my Access Token?

I am using the following Rule script to try and push identity information into my access token. I have the logging code included temporarily to verify that there are values for these claims.

function (user, context, callback) {
  const namespace = 'https://mydomain.com';

  let accessTokenClaims = context.accessToken || {};

  // temporary
  console.log('Name: ' + user.name);
  console.log('Given Name: ' + user.given_name);
  console.log('Family Name: ' + user.family_name);
  console.log('Email: ' + user.email);
  console.log('Email Verified: ' + user.email_verified);
  console.log('Picture: ' + user.picture);

  accessTokenClaims['${namespace}/name'] = user.name; 
  accessTokenClaims['${namespace}/given_name'] = user.given_name; 
  accessTokenClaims['${namespace}/family_name'] = user.family_name; 
  accessTokenClaims['${namespace}/email'] = user.email;
  accessTokenClaims['${namespace}/email_verified'] = user.email_verified;
  accessTokenClaims['${namespace}/picture'] = user.picture;
  
  context.accessToken = accessTokenClaims;
  
  callback(null, user, context);
}

When I debug using the Webtask logs I have values for these claims but when I get my access token these claims do not exist. What am I doing wrong?

I think you are meaning to use backticks (`) not regular single quotes (') here:

  accessTokenClaims['${namespace}/name'] = user.name; 
  accessTokenClaims['${namespace}/given_name'] = user.given_name; 
  accessTokenClaims['${namespace}/family_name'] = user.family_name; 
  accessTokenClaims['${namespace}/email'] = user.email;
  accessTokenClaims['${namespace}/email_verified'] = user.email_verified;
  accessTokenClaims['${namespace}/picture'] = user.picture;

it should be

  accessTokenClaims[`${namespace}/name`] = user.name; 
  accessTokenClaims[`${namespace}/given_name`] = user.given_name; 
  accessTokenClaims[`${namespace}/family_name`] = user.family_name; 
  accessTokenClaims[`${namespace}/email`] = user.email;
  accessTokenClaims[`${namespace}/email_verified`] = user.email_verified;
  accessTokenClaims[`${namespace}/picture`] = user.picture;
1 Like
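To make the difference between the two quoting styles visible, here is an added example (not code from the thread or from Auth0) that builds the claim keys both ways from a constructed user and flags keys that are not usable. `invalidClaimKeys` and `sampleUser` are hypothetical names, and treating a valid namespaced claim key as an absolute http(s) URL is an assumption of this sketch.

```javascript
const namespace = 'https://mydomain.com';
const FIELDS = ['name', 'given_name', 'family_name', 'email', 'email_verified', 'picture'];

// Constructed sample profile, not real user data.
const sampleUser = {
  name: 'Ada Example', given_name: 'Ada', family_name: 'Example',
  email: 'ada@example.com', email_verified: true,
  picture: 'https://example.com/ada.png',
};

// Question's version: single quotes, so "${namespace}" stays literal text.
function buildClaimsSingleQuoted(user) {
  const claims = {};
  for (const f of FIELDS) claims['${namespace}/' + f] = user[f];
  return claims;
}

// Answer's version: a template literal substitutes the namespace value.
function buildClaimsTemplate(user) {
  const claims = {};
  for (const f of FIELDS) claims[`${namespace}/${f}`] = user[f];
  return claims;
}

// Hypothetical check: keys that still hold an unexpanded ${...} placeholder
// or are not absolute http(s) URLs (assumed shape of a namespaced claim).
function invalidClaimKeys(claims) {
  return Object.keys(claims).filter((key) => {
    if (/\$\{[^}]*\}/.test(key)) return true;
    try {
      const { protocol } = new URL(key);
      return protocol !== 'https:' && protocol !== 'http:';
    } catch (err) {
      return true; // not parseable as an absolute URL
    }
  });
}

console.log(invalidClaimKeys(buildClaimsSingleQuoted(sampleUser)));
// every key is flagged, e.g. "${namespace}/name"
console.log(invalidClaimKeys(buildClaimsTemplate(sampleUser)));
// nothing flagged; keys look like "https://mydomain.com/name"
```

ESLint's `no-template-curly-in-string` rule reports the same mistake statically, before the rule code is deployed.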

You are so right! Thank you for pointing that out!

2 Likes

Any time, glad it helped! 🙂

1 Like

Thanks a lot for the cooperation!
