I am trying to add the roles the users have in the ID Token. All of the responses on here seem pretty old so they are all rule related. I tried this:
exports.onExecutePostLogin = async (event, api) => {
  if (event.authorization != null) {
    api.idToken.setCustomClaim("roles", event.authorization.roles)
  }
};
But it didn’t work. I looked at the template and it uses:
const specialName = event.secrets.SPECIAL_ROLE_NAME;
const specialValues = event.secrets.SPECIAL_ROLE_VALUE?.split(',').map(
  (v) => v.trim()
);
But I am not sure what I need to do to set the SPECIAL_ROLE_*.
How do I handle this?
Hi @jackiegleason
The first action code you have posted should work fine in setting a custom claim including the user roles; however, I believe the issue resides in the fact that you cannot use just "roles" for the namespace since it is part of the general restrictions list mentioned in our documentation.
I have used the following action code and I was able to retrieve the roles inside the IdToken:
exports.onExecutePostLogin = async (event, api) => {
  api.idToken.setCustomClaim("https://randomnamespace.net/roles", event.authorization.roles);
};
Resulting IdToken:
{
  "sub": "{{user.id}}",
  "given_name": "Jack",
  "family_name": "Daniels",
  "nickname": "{{user.nickname}}",
  "name": "{{user.email}}",
  "picture": "somerandompic.png",
  "updated_at": "2025-04-14T17:57:30.657Z",
  "https://randomnamespace.net/roles": [
    "Secondary Test",
    "Test"
  ]
}
If you have any other questions, feel free to leave a reply!
Kind Regards,
Nik
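Added example, not part of either post above and not Auth0's own code: it combines the null guard from the question with the namespaced claim from the answer, and shows how the application receiving the ID token can read the roles so that a missing, malformed or un-namespaced claim grants nothing. The mock `api` object, the helper names and the sample values are assumptions made for the example.

```javascript
// Claim name taken from the answer above.
const ROLES_CLAIM = "https://randomnamespace.net/roles";

// Body of the Post-Login Action. In the Action editor this would be
// assigned to exports.onExecutePostLogin, as in the posts above.
function addRolesClaim(event, api) {
  // event.authorization may be absent (the guard from the question);
  // this example then emits an empty list instead of skipping the claim.
  const roles = event.authorization?.roles ?? [];
  api.idToken.setCustomClaim(ROLES_CLAIM, roles);
}
const onExecutePostLogin = async (event, api) => addRolesClaim(event, api);

// Hypothetical test double for the `api` argument, so this runs offline.
function makeMockApi() {
  const claims = {};
  return {
    claims,
    idToken: { setCustomClaim: (name, value) => { claims[name] = value; } },
  };
}

// Application side: read roles from an ID token payload whose signature
// has ALREADY been verified. Anything unexpected yields no roles.
function rolesFromIdToken(payload) {
  const value = payload ? payload[ROLES_CLAIM] : undefined;
  if (!Array.isArray(value)) return [];
  if (!value.every((r) => typeof r === "string" && r.length > 0)) return [];
  return [...value];
}

function hasRole(payload, role) {
  return rolesFromIdToken(payload).includes(role);
}

// Constructed sample inputs, mirroring the roles shown in the answer.
const sampleEvent = { authorization: { roles: ["Secondary Test", "Test"] } };
const mockApi = makeMockApi();
addRolesClaim(sampleEvent, mockApi);
const samplePayload = { sub: "constructed-user-id", ...mockApi.claims };

console.log(rolesFromIdToken(samplePayload));
// A bare "roles" key is ignored; only the namespaced claim is trusted.
console.log(hasRole({ roles: ["Test"] }, "Test"));
```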