How to add user meta data and app meta data in access token?

selvi · March 9, 2022, 1:21pm

I am trying to get app metadata and user metadata using accesstoken by UserNameAndPassword authentication.
But I am getting role information alone, While decoding my access token.
Added below rule script


function (user, context, callback) {
  const namespace = 'https://myapp.example.com';
  const assignedRoles = (context.authorization || {}).roles;

  let idTokenClaims = context.idToken || {};
  let accessTokenClaims = context.accessToken || {};

  idTokenClaims[`${namespace}/role`] = assignedRoles;
  accessTokenClaims[`${namespace}/role`] = assignedRoles;

  context.idToken = idTokenClaims;
  context.accessToken = accessTokenClaims;
  if (context.idToken && user.user_metadata) {
     context.idToken[namespace + 'user_metadata'] = user.user_metadata;
   }
   if (context.idToken && user.app_metadata) {
     context.idToken[namespace + 'app_metadata'] = user.app_metadata;
   }

 return callback(null, user, context);
}

Curl command
curl --request POST
–url ‘https://domain/oauth/token’
–header ‘content-type: application/x-www-form-urlencoded’
–data grant_type=password
–data username=sample@gmail.com
–data password=pwd
–data audience=https://domain/api/v2/
–data ‘client_id=bdskjafdf’
–data scope=openid profile email phone
–data client_secret=nfnkdfndndfn
decode sample response

{
“https://myapp.example.com/role”: [
“role-a”,
“role-b”
],
“iss”: “https://domain.com/”,
“sub”: “auth0|00000000070688462”,
“aud”: [
“https://domain/api/v2/”,
“https://domain/userinfo”
],
“iat”: 164650,
“exp”: 1646050,
“azp”: “sbdkjbskjkn”,
“scope”: “openid profile email address phone read:current_user update:current_user_metadata delete:current_user_metadata create:current_user_metadata create:current_user_device_credentials delete:current_user_device_credentials update:current_user_identities”,
“gty”: “password”
}

Need clarification What url need to be passed on rule const namespace = ‘https://myapp.example.com’;

tyf · March 14, 2022, 11:41pm

Hello @selvi welcome to the community!

You can read more about namespaced claims here, but the namespace is more or less simply to ensure that claims don’t collide with reserved claims nor claims from other resources.

selvi:

context.idToken = idTokenClaims;
  context.accessToken = accessTokenClaims;
  if (context.idToken && user.user_metadata) {
     context.idToken[namespace + 'user_metadata'] = user.user_metadata;
   }
   if (context.idToken && user.app_metadata) {
     context.idToken[namespace + 'app_metadata'] = user.app_metadata;
   }

It looks like you’re adding these claims to the ID Token here whereas you shared what seems to be an access token. Can you confirm whether or not they exist in the ID Token?

Let us know!

tyf · March 28, 2022, 3:00pm

This topic was automatically closed after 9 days. New replies are no longer allowed.