I’m using Auth0 to generate API tokens, but I haven’t found a way to have the jku claim provided in the generated token. The header does contain the kid claim, but no jku claim. I’d expect to have the jku pointing to https://YOUR_DOMAIN/.well-known/jwks.json
Does anyone know how to do this? Is there a setting that I missed?
Unfortunately, the jku claim is not part of the standard claims from what I’ve found.
In this case, you have the option of appending the jku claim with the https://YOUR_DOMAIN/.well-known/jwks.json value using either an Auth0 Rule or Action.
Once you’ve done so, your tokens will include the jku claim.
Thanks for your feedback. I’ve indeed thought of that option, but I’m not very familiar with either Rules or Actions. I actually gave it a try but did not succeed. Do you have some guidelines for doing so, especially for altering the header section of the token?
In this case, I recommend using a Post-Login Action to append custom claims to the Token. Head over to your Auth0 Dashboard > Actions > Flows > Login and click on the plus symbol (+) to create a new custom Action. In that script, use the code below.
Please don’t forget to Deploy the Action and attach the Action to the flow. You will need to drag the Action into your Post-Login Flow, and press Apply.
Once that is done, the jku claim will be in both the access token and ID token.
Please let me know if there’s anything else I can do to help.
Many thanks for these guidelines. I’m actually using a client credentials flow, so I created an Action in the Machine-to-Machine flow. According to the logs, the Action is being executed (no errors) when calling the ‘/oauth/token’ endpoint to get the token, but the token doesn’t contain any new claim.
I forgot to mention that you should use any non-Auth0 HTTP or HTTPS URL as the namespace identifier. Auth0 domains cannot be used as namespace identifiers, which includes:
So, thanks for the last tip, it works now. However, it seems that claims without a URL schema in the name (e.g. myclaim) are not supported. Is this correct?
Also, is there a way to add claims in the header of the token?
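Added example, not part of the original thread and not Auth0's own code: a Machine-to-Machine Action along the lines the thread arrives at, which sets the jku value as a namespaced custom claim in the access token payload. `NAMESPACE`, the `blockedHosts` parameter and the `stubApi` helper are assumptions made for illustration; `YOUR_DOMAIN` is the placeholder used in the thread.

```javascript
// Added example: Auth0 Action logic for the Machine-to-Machine (credentials-exchange) flow.
// NAMESPACE is an assumed placeholder; YOUR_DOMAIN is the placeholder from the thread.
const NAMESPACE = 'https://api.example.com/';
const JWKS_URL = 'https://YOUR_DOMAIN/.well-known/jwks.json';

// Build a namespaced claim name. Per the thread, the namespace must be a
// non-Auth0 HTTP or HTTPS URL; blockedHosts is supplied by the caller
// (for instance your own tenant hostname) and is hypothetical here.
function namespacedClaim(namespace, name, blockedHosts = []) {
  let url;
  try {
    url = new URL(namespace);
  } catch (err) {
    throw new Error(`namespace is not a URL: ${namespace}`);
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    throw new Error(`namespace must be http(s): ${namespace}`);
  }
  const host = url.hostname.toLowerCase();
  if (blockedHosts.some((b) => host === b || host.endsWith('.' + b))) {
    throw new Error(`namespace host not allowed: ${host}`);
  }
  return namespace.endsWith('/') ? namespace + name : namespace + '/' + name;
}

// Synchronous core so it can be exercised locally with a stub `api` object.
function addJkuClaim(api, blockedHosts = []) {
  const claim = namespacedClaim(NAMESPACE, 'jku', blockedHosts);
  api.accessToken.setCustomClaim(claim, JWKS_URL); // payload claim, not a header parameter
  return claim;
}

// Handler for the credentials-exchange trigger; in the Action editor assign
// this function to exports.onExecuteCredentialsExchange.
const onExecuteCredentialsExchange = async (event, api) => {
  addJkuClaim(api);
};

// Local stub that records claims, for running the logic outside Auth0.
function stubApi() {
  const claims = {};
  return { claims, accessToken: { setCustomClaim: (k, v) => { claims[k] = v; } } };
}
```

After deploying, decode a token from ‘/oauth/token’ and confirm the namespaced claim appears in the payload.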