Hi, i’m using an Action with api.idToken.setCustomClaim to enrich my token with some metadata but in the token received my value is nowhere to be found.
I try setting the key with my namespace or without and it’s the same result.
Same thing in a rule that work fine for a long time and since monday nothing’s working.
Is this a problem from Auth0 that could be fixed quickly ?
Hi there @alexandre-dubois welcome to the community!
That’s odd! Do you mind sharing the Action code here just so I can take a closer look and even attempt to reproduce on my end?
Thanks!
Of course, i’ll share it. I basically just get some data in my user.app_metadata and add it to the idtoken.
exports.onExecutePostLogin = async (event, api) => {
const namespace = "https://hellobadge.eu.auth0.com/";
if (event.user.app_metadata.licenceKey)
{
api.idToken.setCustomClaim(namespace + "licenceKey", event.user.app_metadata.licenceKey);
}
else
{
api.access.deny("No LicenceKey attached to this user.");
}
};
the metadata is present in this case, it will not go into the access deny part.
Thanks for sharing!
I just altered the code a bit to exclude the namespace, but the following worked for me as expected:
exports.onExecutePostLogin = async (event, api) => {
if (event.user.app_metadata.licenceKey)
{
console.log(`made it here, licenceKey is: ${event.user.app_metadata.licenceKey}`)
api.idToken.setCustomClaim('licenceKey', event.user.app_metadata.licenceKey);
}
else
{
api.access.deny("No LicenceKey attached to this user.");
}
};
Sounds silly, but have you made sure the Action is added/enabled on the login flow (Actions → Flows in your dashboard)? I would also check to make sure the licenceKey property in app_metadata is correct.
Keep us posted!
i tried with and without the namespace already and same result, it’s in my login flow and is enabled.
licenceKey property is correct, i was using a rule that does the same thing but directly set the value in the object, it worked for a long time but since monday it stopped working.
Gotcha!
Does the console.log show up in the Action logging? If you go to Monitoring → Logs in your dashboard and then find the successful login event - You should see an “Action Details” section where this would be printed.
yes it shows in the console, i added a log of the licenceKe like you did. The value is threre and good.
But is not in the token.
That’s good at least. I’m honestly a bit perplexed, but a couple ideas:
Are you able to add a custom claim to the access token (api.accessToken.setCustomClaim) successfully?
What scopes are you passing in authorize request to get tokens?
Do you see the custom claim added to userinfo?
I’m not able to add a customClaim successfully, i tried with juste addind a test claim like (“TestClaim”, “Test Value”) but nothing in the final token.
Here’s my scopes: ‘openid’, ‘email’, ‘profile’, ‘offline_access’.
And since it doesn’t add it to the token i don’t see it in my userInfo.