How do I encode custom claims in the access token JWT returned from the oauth 2.0 flow?

david.zirinsky · January 18, 2023, 11:13pm

When logging in with a username password combo my custom claims are encoded, but that isn’t the case when I go through the Oauth2.0 flow. My custom claims are in the id token, but not in the access token.

I don’t think it’s safe to gate api access on an id token so this won’t work

dan.woda · January 23, 2023, 3:45pm

Hi @david.zirinsky,

Can you explain what you mean by “Oauth2.0 flow”? Do you have an example of the call you are making?

david.zirinsky · January 23, 2023, 5:28pm

Two was to get the tokens missing claims:

Going through the oauth flow does not encode claims in our access token. Going through the tutorial at: Auth0 Python SDK Quickstarts: Login yields a token that can no custom claims. The same can be seen with the follow curl command:

curl --location --request POST ‘https://MY_AUTH0_DOMAIN/oauth/token’ \

–header ‘content-type: application/x-www-form-urlencoded’ \

–data-urlencode ‘grant_type=refresh_token’ \

–data-urlencode 'client_id=OUR CLIENT ID \

–data-urlencode ‘client_secret=OUR SECRET’ \

–data-urlencode ‘refresh_token=VALID_REFRESH_TOKEN’

dan.woda · January 24, 2023, 2:07pm

Can you please share an example of the Action you are using to add custom claims?

david.zirinsky · January 24, 2023, 4:50pm

exports.onExecutePostLogin = async (event, api) => {
  const namespace = 'our_namespace';
  const { field_1, field_2, field_3, field_4 } = event.user.user_metadata;

  if (event.authorization) {
    // Set claims 
    api.accessToken.setCustomClaim(`${namespace}/field_1`, field_1);
    api.accessToken.setCustomClaim(`${namespace}/field_2`, field_2);
    api.accessToken.setCustomClaim(`${namespace}/field_3`, field_3);
    api.accessToken.setCustomClaim(`${namespace}/account_uuid`, account_uuid);
    api.idToken.setCustomClaim(`${namespace}/field_1`, field_1);
    api.idToken.setCustomClaim(`${namespace}/field_2`, field_2);
    api.idToken.setCustomClaim(`${namespace}/field_3`, field_3);
    api.idToken.setCustomClaim(`${namespace}/field_4`, field_4);
  }
};

dan.woda · January 25, 2023, 6:56pm

@david.zirinsky,

Make sure your namespace follows the guidelines:

Also, can you confirm you are sending an audience param with your requests? You may not be requesting a JWT.

system · March 28, 2023, 1:22pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Custom Claim Does Not Show Up in Access Token Help login-experience , login-prompt-new-experience	6	412	June 24, 2024
Custom claim appears when decoding access token but not in custom claims object Help extensibility , actions-extensibility	2	11	July 31, 2024
Custom claims in access token with auth0-spa-js Help	4	4450	April 23, 2020
Custom accessToken claim not being returned to app Help	3	3435	December 17, 2018
How to add custom user claim to access token for API? (Authorization Code Grant) JWT.io jwt , api , login	7	23202	January 7, 2019

How do I encode custom claims in the access token JWT returned from the oauth 2.0 flow?

Related Topics