Overview
This article explains how to pass custom data with POST requests using the Device Code Flow.
- It is possible to do this with a post-login action when making requests to the oauth/token endpoint in a Machine-to-Machine Client Credentials action, but this does not work with the Device Code Flow in the same way.
- According to the document Device code parameters, the only parameters that can be passed in a POST call to oauth/device/code are client_id, scope, and audience.
Applies To
- Actions
- Device Code Flow
- ID Tokens
- Custom Claims
Solution
To pass custom data from the Device Code Flow, use the scopes sent in the initial request to oauth/device/code and use the Post-Login Action event.transaction object to inspect the requested scopes.
- In the POST call to /oauth/device/code (example here: Example POST to device code URL), include YOUR_CUSTOM_SCOPE as a scope.
- Create and deploy a Post-Login Action that looks like this:
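exports.onExecutePostLogin = async (event, api) => {
  // Namespace prefix for the custom claim name.
  const namespace = 'https://my-namespace';
  // event.transaction carries the details of the authorization request.
  if (event.transaction) {
    // Scopes sent in the POST to /oauth/device/code; default to an empty list.
    const scopes = event.transaction.requested_scopes || [];
    if (scopes.includes('YOUR_CUSTOM_SCOPE')) {
      api.idToken.setCustomClaim(`${namespace}/env`, 'YOUR_CUSTOM_SCOPE');
    }
  }
};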
The ID Token will have 'YOUR_CUSTOM_SCOPE' added as the value of the custom claim https://my-namespace/env.
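The following is an added example, not part of the original article or Auth0's own code. It extends the Action above to several custom scopes and maps each one to a claim value through an allowlist, since the scope string is supplied by the requesting client. The scope names `env:staging` and `env:production`, and the helpers `ENV_SCOPES`, `claimsFor`, `applyClaims` and `runWithMock`, are hypothetical; only `event.transaction.requested_scopes` and `api.idToken.setCustomClaim` come from the article.

```javascript
// Added example: ENV_SCOPES, the env:* scope names and the helper names are hypothetical.
const NAMESPACE = 'https://my-namespace';

// Allowlist: custom scope sent to /oauth/device/code -> value placed in the ID token.
// Scopes not listed here are ignored, because the client chooses the scope string.
const ENV_SCOPES = new Map([
  ['env:staging', 'staging'],
  ['env:production', 'production'],
]);

// Pure function: returns the custom claims to set for a list of requested scopes.
function claimsFor(requestedScopes) {
  const scopes = Array.isArray(requestedScopes) ? requestedScopes : [];
  const matches = [...new Set(scopes)].filter((s) => ENV_SCOPES.has(s));
  // Exactly one env scope must be present; none or conflicting values set nothing.
  if (matches.length !== 1) return {};
  return { [`${NAMESPACE}/env`]: ENV_SCOPES.get(matches[0]) };
}

// Synchronous core of the Action, so it can be exercised with mock objects.
function applyClaims(event, api) {
  // Guard event.transaction the same way the Action above does.
  const requested = event.transaction ? event.transaction.requested_scopes : undefined;
  for (const [name, value] of Object.entries(claimsFor(requested))) {
    api.idToken.setCustomClaim(name, value);
  }
}

// Entry point to deploy as the Post-Login Action.
const onExecutePostLogin = async (event, api) => applyClaims(event, api);
if (typeof exports === 'object') exports.onExecutePostLogin = onExecutePostLogin;

// Constructed mock of the Action runtime, for running the logic offline.
function runWithMock(requestedScopes) {
  const claims = {};
  const api = { idToken: { setCustomClaim: (k, v) => { claims[k] = v; } } };
  applyClaims({ transaction: { requested_scopes: requestedScopes } }, api);
  return claims;
}
```

Calling `runWithMock(['openid', 'env:staging'])` returns the claims the Action would set for that device code request.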