How do I Add Identity Claims to my Access Token?

jlavallet · January 23, 2020, 8:00pm

I am using the following Rule script to try and push identity information into my access token. I have the logging code included temporarily to verify that there are values for these claims.

function (user, context, callback) {
  const namespace = 'https://mydomain.com';

  let accessTokenClaims = context.accessToken || {};

  // temporary
  console.log('Name: ' + user.name);
  console.log('Given Name: ' + user.given_name);
  console.log('Family Name: ' + user.family_name);
  console.log('Email: ' + user.email);
  console.log('Email Verified: ' + user.email_verified);
  console.log('Picture: ' + user.picture);

  accessTokenClaims['${namespace}/name'] = user.name; 
  accessTokenClaims['${namespace}/given_name'] = user.given_name; 
  accessTokenClaims['${namespace}/family_name'] = user.family_name; 
  accessTokenClaims['${namespace}/email'] = user.email;
  accessTokenClaims['${namespace}/email_verified'] = user.email_verified;
  accessTokenClaims['${namespace}/picture'] = user.picture;
  
  context.accessToken = accessTokenClaims;
  
  callback(null, user, context);
}

When I debug using the Webtask logs I have values for these claims but when I get my access token these claims do not exist. What am I doing wrong?

simpleauthority · January 23, 2020, 8:02pm

I think you are meaning to use backticks (`) not regular single quotes (') here:

  accessTokenClaims['${namespace}/name'] = user.name; 
  accessTokenClaims['${namespace}/given_name'] = user.given_name; 
  accessTokenClaims['${namespace}/family_name'] = user.family_name; 
  accessTokenClaims['${namespace}/email'] = user.email;
  accessTokenClaims['${namespace}/email_verified'] = user.email_verified;
  accessTokenClaims['${namespace}/picture'] = user.picture;

it should be

  accessTokenClaims[`${namespace}/name`] = user.name; 
  accessTokenClaims[`${namespace}/given_name`] = user.given_name; 
  accessTokenClaims[`${namespace}/family_name`] = user.family_name; 
  accessTokenClaims[`${namespace}/email`] = user.email;
  accessTokenClaims[`${namespace}/email_verified`] = user.email_verified;
  accessTokenClaims[`${namespace}/picture`] = user.picture;

jlavallet · January 23, 2020, 8:09pm

You are so right! Thank you for pointing that out!

simpleauthority · January 23, 2020, 8:10pm

Any time, glad it helped!

konrad.sopala · January 24, 2020, 8:04am

Thanks a lot for the cooperation!

system · February 8, 2020, 8:04am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Add standard claims to access token Get Help jwt , access-token	3	3324	August 29, 2019
Adding email_verified to accessToken Get Help rules , access-token , email-verification	4	6139	July 25, 2019
How to add custom user claim to access token for API? (Authorization Code Grant) JWT.io jwt , api , login	7	24312	January 7, 2019
How to add custom claim to token issued via Authorization Code Flow JWT.io	3	3866	November 1, 2019
Custom claims not added to access_token despite Rule Get Help rules , access_token , custom-claims	21	23850	March 17, 2020

How do I Add Identity Claims to my Access Token?

Related topics