Is it possible to modify a JWT and re-sign it from server side?

Hi there @fernandom welcome to the community!

You won’t be able to modify and re-sign tokens, but you could request new tokens with the new claim. To do this you may want to look into triggering silent authentication as a means to request new tokens for a user that has an existing session. Silent auth will run any Actions you have configured to add the additional/new claim. The only pitfall I see here is rate limiting, which could happen rather quickly if many users are switching channels frequently.

You could use a backend to interact with the Management API and update user or app metadata with a channel_id and add that as a custom claim using an Action. Basically you would update the metadata for a user with the new channel_id when necessary, and then trigger silent auth. The new metadata will be pulled into the resulting tokens as a custom claim.

For example, the node management client provides an updateUserMetadata and updateAppMetadata function. An action to add metadata to tokens might look like:

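exports.onExecutePostLogin = async (event, api) => {
  // Custom claims must be namespaced so they do not collide with standard claims.
  const namespace = 'https://my-app.example.com';
  if (event.authorization) {
    api.idToken.setCustomClaim(`${namespace}/user_metadata`, event.user.user_metadata);
    // app_metadata is stored on the user; event.client.metadata is the
    // application's own metadata, not what updateAppMetadata writes.
    api.idToken.setCustomClaim(`${namespace}/app_metadata`, event.user.app_metadata);
  }
};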

Hope this helps at least give you an idea of what’s possible!

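Why an issued token has to be requested again rather than edited, shown as an added example that is not part of the original post or Auth0's code: an API that verifies tokens holds only the public key, so a payload changed after issuance no longer matches its signature. It assumes RS256 signing and checks the signature only (no `exp`, `aud` or `iss` validation); the locally generated key pair, the `issueToken`, `verifyToken` and `withChangedClaim` helpers, and the `channel_id` claim name are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed stand-in for the authorization server's signing key pair.
// A real API only ever receives the public half (for example via JWKS).
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const b64url = (value) => Buffer.from(value).toString('base64url');
const fromB64url = (value) => Buffer.from(value, 'base64url').toString('utf8');

// Issuer side: sign "header.payload" with the private key (RS256).
function issueToken(claims) {
  const signingInput = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  const signature = crypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// API side: verify with the public key only. Returns the claims, or null on failure.
function verifyToken(token) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  try {
    // Pin the algorithm instead of trusting whatever the header asks for.
    if (JSON.parse(fromB64url(header)).alg !== 'RS256') return null;
    const valid = crypto.verify('sha256', Buffer.from(`${header}.${payload}`),
      publicKey, Buffer.from(signature, 'base64url'));
    return valid ? JSON.parse(fromB64url(payload)) : null;
  } catch {
    return null; // malformed header or payload
  }
}

// What "modifying" a token amounts to without the private key:
// new payload bytes, old signature.
function withChangedClaim(token, name, value) {
  const [header, payload, signature] = token.split('.');
  const claims = { ...JSON.parse(fromB64url(payload)), [name]: value };
  return `${header}.${b64url(JSON.stringify(claims))}.${signature}`;
}

const claimName = 'https://my-app.example.com/channel_id';
const original = issueToken({ sub: 'auth0|constructed-user', [claimName]: 'channel-a' });
const edited = withChangedClaim(original, claimName, 'channel-b');
// The supported path: the issuer mints a fresh token carrying the new claim.
const reissued = issueToken({ sub: 'auth0|constructed-user', [claimName]: 'channel-b' });

console.log(verifyToken(original)?.[claimName], verifyToken(edited), verifyToken(reissued)?.[claimName]);
```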