
How to get custom claim in the JWT Token?

ios

#1

I’m trying to integrate Auth0 into my existing App. I followed the guide at PostgREST Docs to add a rule to get the role from app_metadata. I’ve stored a custom property role in the app_metadata, and created a rule to Add persistent attributes to the user. However, when I do a webAuth(), the credentials returned don’t have the custom claim in the JWT (in both accessToken and idToken). Here’s the code that I’m using.

Auth0.webAuth()
    .scope("openid role profile read:current_user update:current_user_metadata")
    .audience("https://mydomain.eu.auth0.com/api/v2/")
    .start { [weak self] in
        switch $0 {
        case .failure(let error):
            print("Error: \(error)")
        case .success(let credentials):
            _ = self?.credentialsManager.store(credentials: credentials)
            // accessToken or idToken here don't contain the `role` claim, which I verify on jwt.io
        }
    }

The rule that adds a persistent attribute to the user:

function (user, context, callback) {
  const namespace = 'https://mydomain.eu.auth0.com/';
  const key = "role";
  const value = "my_role";
  context.idToken[namespace + key] = value;
  context.accessToken[namespace + key] = value;
  callback(null, user, context);
}

Testing the Rule on dashboard gives this data:

{
  "https://mydomain:eu:auth0:com/role": "my_role"
}

#3

Hey there @FlyingSnake, when you get a minute can you share your tenant name in a DM with me so I can take a further look at the situation? I have also included our documentation on custom claims for a historical context reference point. Thanks in advance!


#4

@James.Morrison: I’ve sent you a PM with the tenant ID.

I’m really lost as to why the accessToken or idToken doesn’t reflect the my_role field. Is the usage of Auth0.webAuth().audience()... correct, or should I use another API?

Any help is highly appreciated.


Best Regards,
Sam


#5

Solved it using the predefined Set roles to a user Rule template. Now the accessToken shows the Custom claim role.


#6

Fantastic, I’m glad you were able to solve it and thank you for sharing the solution! Have a wonderful day!
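Added example, not part of the thread and not Auth0's code: a local Node.js check for whether a namespaced custom claim actually made it into a token, so the token does not have to be pasted into a website such as jwt.io. The function names, the `https://example.test/` namespace and the sample token are constructed for illustration, and the restricted-host list is an assumption that Auth0 drops claims namespaced under its own domains.

```javascript
// Added example, not code from the thread. Inspection only: the signature is
// NOT verified here, so never use this function to make access decisions.

// Assumption: Auth0 drops custom claims namespaced under its own domains.
const RESTRICTED_HOSTS = ['auth0.com', 'webtask.io', 'webtask.run'];

function isRestrictedNamespace(claimName) {
  let host;
  try { host = new URL(claimName).hostname; } catch { return false; } // not a URL
  return RESTRICTED_HOSTS.some((h) => host === h || host.endsWith('.' + h));
}

function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/'); // base64url -> base64
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Returns { format, present, value, restrictedNamespace } for one claim name.
function inspectClaim(token, claimName) {
  const result = { format: 'jwt', present: false, value: undefined,
                   restrictedNamespace: isRestrictedNamespace(claimName) };
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ...result, format: 'opaque' }; // not a JWT
  let payload;
  try { payload = decodeSegment(parts[1]); } catch { payload = null; }
  if (payload === null || typeof payload !== 'object') {
    return { ...result, format: 'malformed' };
  }
  if (Object.prototype.hasOwnProperty.call(payload, claimName)) {
    result.present = true;
    result.value = payload[claimName];
  }
  return result;
}

// Constructed sample token (placeholder signature) so the example runs offline.
function makeSampleToken(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'RS256', typ: 'JWT' }), enc(payload), 'c2ln'].join('.');
}

const sample = makeSampleToken({ sub: 'auth0|constructed', 'https://example.test/role': 'my_role' });
console.log(inspectClaim(sample, 'https://example.test/role'));
console.log(inspectClaim(sample, 'https://mydomain.eu.auth0.com/role'));
```

A result with `present: false` and `restrictedNamespace: true` points at the namespace chosen in the rule rather than at the client-side `webAuth()` call.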