"Invalid code" when enabling rule


When I enable this rule in my “staging” tenant, it fail with an “invalid_grant (Invalid authorization code)” error :

function(user, context, callback) {
  const namespace = 'https://exemple.com';
  if (context.authorization && context.authorization.roles) {
    const assignedRoles = context.authorization.roles;

    if (context.idToken) {
      const idTokenClaims = context.idToken;
      idTokenClaims[`${namespace}/roles`] = assignedRoles;
      context.idToken = idTokenClaims;

    if (context.accessToken) {
      const accessTokenClaims = context.accessToken;
      accessTokenClaims[`${namespace}/roles`] = assignedRoles;
      context.accessToken = accessTokenClaims;

  callback(null, user, context);

When the rule is disabled, authentification work well. I have the same rule on my “development” tenant and it works fine.

I can’t figure why, every parameters are identicals…

Any idea ?

Hey there!

Hmm, that’s weird I can investigate that if you can send me your tenant name here in the forum using a private message.

Hi Konrad,

Thanks for your reply,

Finally I managed an other way, by calling my API to fetch the roles, which is not an ideal solution, but it worked.

And, a few time after, i had the exact same problem (“invalid_grant (Invalid authorization code)”), but with no rules defined… I ended by create different accounts for each environments, and only one tenant by account.

For now it’s working, but something seems wrong, maybe in my configuration…


Gotchya! Thanks for providing that context!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.