Is it possible to modify a JWT and re-sign it from server side?

Hi, this is my use case:

  • Users can join several channels (channel_id1, channel_id2, …)
  • A user can leave a channel and join any other channel at any time.

I would like to include the channel_id in the JWT (and change its value as many times as a user enters/leaves a channel).

  1. Is it possible to do this from the server side?
  2. Is there any way to modify a JWT and re-sign it dynamically?

Thanks in advance.

Hi there @fernandom welcome to the community!

You won’t be able to modify and re-sign tokens, but you could request new tokens with the new claim - To do this you may want to look into triggering silent authentication as a means to request new tokens for a user that has an existing session. Silent auth will run any Actions you have configured to add the additional/new claim. The only pitfall I see here is rate limiting which could happen rather quickly if many users are switching channels frequently.

You could use a backend to interact with the Management API and update user or app metadata with a channel_id and add that as a custom claim using an Action. Basically you would update the metadata for a user with the new channel_id when necessary, and then trigger silent auth - The new metadata will be pulled into the resulting tokens as a custom claim.

For example, the node management client provides an updateUserMetadata and updateAppMetadata function - An action to add metadata to tokens might look like:

exports.onExecutePostLogin = async (event, api) => {
  // Custom claims must be namespaced (a URL you control) or Auth0 drops them.
  const namespace = 'https://my-app.example.com';
  if (event.authorization) {
    // user_metadata and app_metadata both live on event.user; app_metadata is
    // the one a backend writes via the Management API (updateAppMetadata).
    api.idToken.setCustomClaim(`${namespace}/user_metadata`, event.user.user_metadata);
    api.idToken.setCustomClaim(`${namespace}/app_metadata`, event.user.app_metadata);
  }
};

Hope this helps at least give you an idea of what’s possible!
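The flow described in the answer above (backend writes channel_id to app_metadata, Action copies it into a namespaced claim, the API trusts only that claim), as an added example that is not part of the original thread. The Action hooks (onExecutePostLogin, api.accessToken.setCustomClaim) are Auth0's; the namespace URL and the event/api objects used in the demo are constructed stand-ins so it runs offline.

```javascript
const NAMESPACE = 'https://my-app.example.com'; // assumed namespace, as in the answer

// Pure helper: which claims a given user record should carry. Kept separate so
// the claim logic can be exercised without the Auth0 Actions runtime.
function channelClaimsFor(user) {
  const meta = (user && user.app_metadata) || {};
  const claims = {};
  if (meta.channel_id !== undefined) {
    // Custom claims must be namespaced; Auth0 drops un-namespaced ones.
    claims[`${NAMESPACE}/channel_id`] = meta.channel_id;
  }
  return claims;
}

// The Action body. In the Actions editor this is `exports.onExecutePostLogin`.
// It runs on every login, including silent auth, so once the backend has
// written a new channel_id to app_metadata the next token reflects it.
async function onExecutePostLogin(event, api) {
  for (const [name, value] of Object.entries(channelClaimsFor(event.user))) {
    api.accessToken.setCustomClaim(name, value);
  }
}

// Resource server: decide from the verified token payload only. The channel
// named in the request is untrusted client input; the claim is not.
function canAccessChannel(payload, requestedChannel) {
  const claimed = payload[`${NAMESPACE}/channel_id`];
  return claimed !== undefined && claimed === requestedChannel;
}

// Stand-alone demo with constructed event/api objects (not real Auth0 objects).
function demo() {
  const payload = { sub: 'auth0|example' };
  const api = { accessToken: { setCustomClaim: (k, v) => { payload[k] = v; } } };
  const event = { user: { app_metadata: { channel_id: 'channel_id2' } } };
  return onExecutePostLogin(event, api).then(() => [
    canAccessChannel(payload, 'channel_id2'), // true: claim matches request
    canAccessChannel(payload, 'channel_id1'), // false: user left that channel
  ]);
}

demo().then((results) => console.log(results)); // prints [ true, false ]
```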


Thank you very much for clarifying and such a detailed answer.
