Is it possible to add custom default scopes while issuing token with password/authorization code grant flow?
I was reading through auth0 docs and it looks like this is supported only in client credentials grant flow.
And for the rest of the flows, we have to assign roles/permissions to users to get these scopes. I understand the reasoning behind it, but just to keep our system in parity with the old system, we were exploring if there's any way we can add default scopes in the access token?
For example, add custom login in post login action to include appropriate scopes.
Hi @tyf , seems like that is exactly what I am looking for.
But I am not able to find Token Dialect option anywhere. Can you please point me where that setting is present in the dashboard? I looked at the Authentication/APIs section but couldn’t find it.
Seems like I need to use Management API to set the token dialect. I will have to do this in Post registration action (Social logins might not be supported) or Post Login action (Also refresh the token)
My use case at the moment is:
If the request contains scopes, then just return the same in the JWT.
If the request does not contain any scope, then return default scopes in the JWT.
Note: This is just to keep parity with legacy system from where we are migrating to auth0.
I have come up with this Post Login Action, @tyf do you see any issues with this?:
const namespace = 'https://example.com';
const scpClaimKey = `${namespace}/scp`;
const userIdClaimKey = `${namespace}/user_id`;
const defaultClaims = ["withdraw:rw", "deposit:rw"];

/**
 * Handler that will be called during the execution of a PostLogin flow.
 *
 * @param {Event} event - Details about the user and the context in which they are logging in.
 * @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
 */
exports.onExecutePostLogin = async (event, api) => {
  // Scope may arrive as a query parameter or in the request body, depending on the flow.
  const scope = event.request.query.scope ? event.request.query.scope : event.request.body.scope;
  addScope(api, scope);
  api.accessToken.setCustomClaim(userIdClaimKey, event.user.user_id);
};

/**
 * Add custom claims to the access token
 *
 * @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
 * @param {string} scope - scope field from the request body or query param.
 */
function addScope(api, scope) {
  if (scope === undefined || scope === null || scope === "") {
    // No scope requested: fall back to the default scopes.
    api.accessToken.setCustomClaim(scpClaimKey, defaultClaims);
  } else {
    // Scope requested: copy the requested values into the claim as an array.
    api.accessToken.setCustomClaim(scpClaimKey, scope.split(" "));
  }
}
You will need to set TOKEN_DIALECT using the Management API - Social Logins will only work with a Post Login Action - Regarding the Action code, without testing anything it looks OK to me! Please do update us here on how this works out for you if you find the time
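Added example, not part of the thread and not Auth0's own code: the Action above copies whatever `scope` the client sends into the `scp` claim, so a resource server that authorizes on that claim would be trusting caller-supplied values. This variant keeps the same default-scope behaviour but filters requested scopes through an allow-list; `ALLOWED_SCOPES`, `resolveScopes`, `applyScopeClaim`, `makeMockApi` and the `balance:r` value are assumptions made for illustration.

```javascript
// Added example. ALLOWED_SCOPES is an assumed allow-list of API scopes;
// replace it with what the legacy system actually granted.
const NAMESPACE = 'https://example.com';
const SCP_CLAIM = `${NAMESPACE}/scp`;
const DEFAULT_SCOPES = ['withdraw:rw', 'deposit:rw'];
const ALLOWED_SCOPES = new Set([...DEFAULT_SCOPES, 'balance:r']); // constructed value

/**
 * Decide which scopes go into the token.
 *  - no scope parameter at all  -> default scopes
 *  - non-string scope parameter -> nothing (malformed request)
 *  - otherwise -> requested scopes that are on the allow-list, de-duplicated
 */
function resolveScopes(requested) {
  if (requested === undefined || requested === null || requested === '') {
    return [...DEFAULT_SCOPES];
  }
  if (typeof requested !== 'string') return [];
  const tokens = requested.trim().split(/\s+/);
  // Unknown scopes are dropped; they never fall back to the defaults.
  return [...new Set(tokens)].filter((s) => ALLOWED_SCOPES.has(s));
}

// Reads the scope from query or body, as the Action in the thread does.
function applyScopeClaim(event, api) {
  const req = event.request || {};
  const requested = (req.query && req.query.scope) || (req.body && req.body.scope);
  const granted = resolveScopes(requested);
  api.accessToken.setCustomClaim(SCP_CLAIM, granted);
  return granted;
}

// Entry point in the shape of a Post Login Action handler.
const onExecutePostLogin = async (event, api) => {
  applyScopeClaim(event, api);
};

// Constructed stand-in for the PostLogin api object, for local testing only.
function makeMockApi() {
  const claims = {};
  return { claims, accessToken: { setCustomClaim: (k, v) => { claims[k] = v; } } };
}
```

Standard OIDC scopes such as `openid` are filtered out of the custom claim here because the allow-list only covers API scopes.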