Hi @jw-85,
Welcome to the Auth0 Community!
I understand you have some questions about decoding your ID Token and Post-Login Action.
First, to validate your ID tokens, you have the option to use one of the JWT.io libraries to parse and inspect them.
As for your Post-Login Action, I noticed that it still needs a namespace to append your custom claims. In this case, you will need to create a namespaced custom claim, which can be any non-Auth0 HTTP or HTTPS URL as the namespace identifier.
However, be mindful that Auth0 domains cannot be used as a namespace identifier, which includes
- auth0.com
- webtask.io
- webtask.run.
See below.
exports.onExecutePostLogin = async (event, api) => {
const namespace = 'https://my-app.example.com';
if (event.authorization) {
await makePostRequestAsync(event.user)
.then(function (res) {
api.idToken.setCustomClaim(`${namespace}/drftid`, res.drftid);
api.idToken.setCustomClaim(`${namespace}/drfttoken`, res.drfttoken);
api.user.setAppMetadata('drftid', res.drftid);
api.user.setAppMetadata('drfttoken', res.drfttoken);
console.log('Request: ' + JSON.stringify(event.user) + '.Response: ' + JSON.stringify(res));
});
}
};
Once this is complete, you can decode your custom claims in the ID token.
Please let me know if you have any questions.
Thanks.