I have a frontend and a backend in .NET, where the frontend initiates an OpenID Connect flow by hitting my backend, which then redirects to Auth0 for authentication. Once the user logs in or registers, Auth0 issues the ID token, and the user is redirected back to my backend. Upon inspecting the ID token, I see a user ID claim generated by Auth0, but I need to add my own custom user ID generated from my backend’s database as an additional claim in the ID token.
In .NET, I’ve tried hooking into various events such as OnTokenValidated, but at that point, the token has already been signed and issued, so modifying it is not an option.
I’ve also read Auth0’s documentation, which suggests using Actions to add custom claims. However, since the claim I need is unique to each user and generated by my application, I would have to expose my local machine to the internet to allow Auth0 Actions to retrieve this user ID. I want to avoid exposing my backend while developing locally.
I’m looking for any advice on how to add this custom user ID claim to the ID token issued by Auth0, or if it’s even possible.
Additionally, I noticed that in .NET, there is an OpenIdConnect event called RedirectToIdentityProvider, which I can override. In this event, I considered generating a custom user ID and passing it as a parameter when the user is redirected to Auth0. Then, I could potentially read this parameter from Auth0 Actions. However, this approach doesn’t make sense either, since it would result in generating a new user ID every time the user logs in or registers. This user ID should only be generated once, during the registration process, which is something handled by Auth0.