How do I Add Identity Claims to my Access Token?

jlavallet · January 23, 2020, 8:00pm

I am using the following Rule script to try and push identity information into my access token. I have the logging code included temporarily to verify that there are values for these claims.

function (user, context, callback) {
  const namespace = 'https://mydomain.com';

  let accessTokenClaims = context.accessToken || {};

  // temporary
  console.log('Name: ' + user.name);
  console.log('Given Name: ' + user.given_name);
  console.log('Family Name: ' + user.family_name);
  console.log('Email: ' + user.email);
  console.log('Email Verified: ' + user.email_verified);
  console.log('Picture: ' + user.picture);

  accessTokenClaims['${namespace}/name'] = user.name; 
  accessTokenClaims['${namespace}/given_name'] = user.given_name; 
  accessTokenClaims['${namespace}/family_name'] = user.family_name; 
  accessTokenClaims['${namespace}/email'] = user.email;
  accessTokenClaims['${namespace}/email_verified'] = user.email_verified;
  accessTokenClaims['${namespace}/picture'] = user.picture;
  
  context.accessToken = accessTokenClaims;
  
  callback(null, user, context);
}

When I debug using the Webtask logs I have values for these claims but when I get my access token these claims do not exist. What am I doing wrong?

simpleauthority · January 23, 2020, 8:02pm

I think you are meaning to use backticks (`) not regular single quotes (') here:

  accessTokenClaims['${namespace}/name'] = user.name; 
  accessTokenClaims['${namespace}/given_name'] = user.given_name; 
  accessTokenClaims['${namespace}/family_name'] = user.family_name; 
  accessTokenClaims['${namespace}/email'] = user.email;
  accessTokenClaims['${namespace}/email_verified'] = user.email_verified;
  accessTokenClaims['${namespace}/picture'] = user.picture;

it should be

  accessTokenClaims[`${namespace}/name`] = user.name; 
  accessTokenClaims[`${namespace}/given_name`] = user.given_name; 
  accessTokenClaims[`${namespace}/family_name`] = user.family_name; 
  accessTokenClaims[`${namespace}/email`] = user.email;
  accessTokenClaims[`${namespace}/email_verified`] = user.email_verified;
  accessTokenClaims[`${namespace}/picture`] = user.picture;

jlavallet · January 23, 2020, 8:09pm

You are so right! Thank you for pointing that out!

simpleauthority · January 23, 2020, 8:10pm

Any time, glad it helped!

konrad.sopala · January 24, 2020, 8:04am

Thanks a lot for the cooperation!

system · February 8, 2020, 8:04am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to add custom claim to access token Help rules	8	4923	May 6, 2021
Add standard claims to access token Help jwt , access-token	3	3300	August 29, 2019
How to add custom claim to token issued via Authorization Code Flow JWT.io	3	3823	November 1, 2019
Custom claims not added to access_token despite Rule Help rules , access_token , custom-claims	21	23774	March 17, 2020
Rule to add user email to access token? Help	8	5695	September 16, 2021

How do I Add Identity Claims to my Access Token?

Related topics