How to get org_id as part of access token?

  • I am trying to get org_id while generating using UserNamePassword authentication?
  • I have added rule as below
    context.accessToken[namespace + 'org'] = context.organization;
  • After generating the access token, I decoded it and I couldn’t find any org_id in the JSON

Hi @selvi,

Thanks for reaching out to the Auth0 Community!

I understand you want to add the org_id as a custom claim to your access token.

To do so, please make sure your Rule looks something like the following:

function (user, context, callback) {
  
  const namespace = 'https://example.com';
  context.accessToken[`${namespace}/org`] = context.organization.id;

  callback(null, user, context);
}

Once that is complete, you will get the org_id in the Access Token. I have tested this and can confirm that it works.

Please let me know if there’s anything else I can do to help.

Thank you.

Tried your solution. Refer to the curl command and the error which I got while trying to get org_id. I tried to print the context (console.log(context);). Refer to the context response below, but I don’t find organization information under the context.

// context response

{
  tenant: 'dev-dsadsaf',
  clientID: 'fsadSFA',
  clientName: 'spring-with-auth0',
  clientMetadata: {},
  connection: 'Username-Password-Authentication',
  connectionStrategy: 'auth0',
  connectionID: 'con_5ivApE7L1v3Ef9UD',
  connectionOptions: {},
  connectionMetadata: {},
  samlConfiguration: {},
  jwtConfiguration: {},
  protocol: 'oauth2-password',
  stats: { loginsCount: 89 },
  accessToken: {},
  idToken: {},
  locale: 'en',
  request: {
    userAgent: 'curl/7.58.0',
    ip: '2409:4072:109:1233:5c80:2758:7910:4672',
    hostname: 'devQW1.us.auth0.com',
    body: {
      grant_type: 'password',
      username: 'USERNAME',
      audience: 'https://dev-sewaewqre.us.auth0.com/api/v2/',
      client_id: '743r24twrt',
      scope: 'openid',
      client_secret: '56Euiegongdndni',
      connection: 'Username-Password-Authentication'
    },
    geoip: {
      country_code: 'IN',
      country_code3: 'IND',
      country_name: 'India',
      city_name: 'Chennai',
      latitude: 12.8996,
      longitude: 80.2209,
      time_zone: 'Asia/Kolkata',
      continent_code: 'AS'
    }
  },
  authorization: { roles: [ 'role-a' ] }
}
{
  hobby: 'surfing',
  preferred_contact: 'email',
  favorite_color: 'blue',
  tenant_name: 'dev-dsadsaf'
}
{ plan: 'full' }

// code
context.accessToken[`${namespace}/org`] = context.organization.id;

Command:
 curl --request POST \
   --url 'https://dev-uuuu.us.auth0.com/oauth/token' \
   --header 'content-type: application/x-www-form-urlencoded' \
   --data grant_type=password \
   --data username=username \
   --data password=pwd \
   --data audience=https://dev-uus.auth0.com/api/v2/ \
   --data 'client_id=savdhsvfdvf' \
   --data 'scope=openid profile user_metadata app_metadata' \
   --data client_secret=5rerheu

Error:
{"error":"access_denied","error_description":"Cannot read property 'id' of undefined"}

Hi @selvi,

Thank you for your response.

The reason why the context object does not contain the organization.id property is because the users did not authenticate through an organization.

To address this, you will need to authenticate users through an organization, and then the organization.id can be appended as a custom claim in the Access Token.

For example:

https://YOUR_DOMAIN/authorize?
    response_type=code&
    client_id=YOUR_CLIENT_ID&
    redirect_uri=https://YOUR_APP/callback&
    scope=SCOPE&
    audience=API_AUDIENCE&
    state=STATE&
    organization=YOUR_ORG_ID

You can read our https://auth0.com/docs/manage-users/organizations/using-tokens#authenticate-users-through-an-organization doc to learn more.

Please do not hesitate to reach out if you have any additional questions.

Thank you.
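
A defensive variant of the Rule discussed in this thread, as an added example that is not from the original posts or from Auth0: it sets the claim only when context.organization is present, so a login that did not go through an organization (such as the password grant above) gets a token without the claim instead of failing with access_denied. The function name addOrgClaim, the runRule helper and the sample contexts are constructed for illustration; in the Rules editor the function would be pasted anonymously.

```javascript
// Added example, not Auth0's or the posters' code.
const NAMESPACE = 'https://example.com'; // same placeholder namespace as the Rule above

function addOrgClaim(user, context, callback) {
  // context.organization is only populated when the user authenticated
  // through an organization (e.g. /authorize?...&organization=YOUR_ORG_ID).
  // For the password grant shown in the thread it is undefined.
  const org = context.organization;
  if (org && org.id) {
    context.accessToken = context.accessToken || {};
    context.accessToken[`${NAMESPACE}/org`] = org.id;
  }
  // No organization: leave the token unchanged rather than throwing.
  return callback(null, user, context);
}

// Helper (constructed): runs the rule the way the Rules pipeline would call it
// and returns the error plus the resulting custom claims.
function runRule(context) {
  let result;
  addOrgClaim({ user_id: 'auth0|constructed' }, context, (err, user, ctx) => {
    result = { err, claims: ctx.accessToken };
  });
  return result;
}

// Constructed context resembling the password-grant dump in the thread.
const passwordGrant = runRule({
  protocol: 'oauth2-password',
  accessToken: {}
});

// Constructed context for a login that went through an organization.
const orgLogin = runRule({
  protocol: 'oidc-basic-profile',
  accessToken: {},
  organization: { id: 'org_CONSTRUCTED' }
});

console.log('password grant claims:', passwordGrant.claims);
console.log('organization login claims:', orgLogin.claims);
```

An API that relies on this claim should treat a token without it as not belonging to any organization.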
