JSON from Active Directory, not everything in claims

Hi, I have a connection with Active Directory. Auth0 gets some JSON with data from AD, for example:

{
    "created_at": "2022-07-04T06:07:29.088Z",
    "email": "mas@test.com",
    "name": "Martin Sas  (MAS)",
    "nickname": "mas",
    "user_id": "tzzd|SGW_66666666666666666666",
    "user_secret_login": "masXX@test.com"
}

When I try to read claims I don’t have type and value
"user_secret_login": "masXX@test.com"

I try to make some custom action

exports.onExecutePostLogin = async (event, api) => {
  const namespace = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims';

  api.idToken.setCustomClaim(`${namespace}/user_secret_login`, event.user.user_secret_login);
};

But the event user doesn’t have user_secret_login… How can I get this value?

1 Like

Hi @mab,

Thanks for reaching out to the Auth0 Community!

I understand that you are trying to set the "user_secret_login" attribute as a custom claim to your ID Token.

Unfortunately, accessing Top-Level IdP User Attributes is not possible at this time when using Actions. This FAQ explains it in further detail.

In this situation, I recommend using Auth0 Rules to get the "user_secret_login" attribute. For example:

function(user, context, callback) {
  const namespace = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims';

  // add custom claims to ID Token; write to context.idToken directly so the
  // claim is emitted even if the object had to be created here
  context.idToken = context.idToken || {};
  context.idToken[`${namespace}/user_secret_login`] = user.user_secret_login;

  callback(null, user, context);
}

I hope this helps!

Please let me know how this works for you.

Thank you.

3 Likes
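
A defensive variant of the rule from the answer above, as an added example that is not part of the original thread or Auth0's own code: it only copies `user_secret_login` into the ID token when the IdP actually sent a non-empty string, and it can be exercised locally. The `MAX_LEN` bound, the `runRule` harness and the sample profiles are assumptions constructed for illustration.

```javascript
const NAMESPACE = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims';
const CLAIM = `${NAMESPACE}/user_secret_login`;
const MAX_LEN = 256; // assumed upper bound; adjust to what your directory stores

// Same signature as an Auth0 Rule: (user, context, callback).
function addSecretLoginClaim(user, context, callback) {
  const value = user.user_secret_login;
  // Copy the attribute only when it is a sane string. Users from other
  // connections (no AD attribute) get an unchanged token, not a broken claim.
  if (typeof value === 'string' && value.length > 0 && value.length <= MAX_LEN) {
    context.idToken = context.idToken || {};
    context.idToken[CLAIM] = value;
  }
  callback(null, user, context);
}

// Hypothetical local harness: runs a rule against a constructed profile
// and returns the ID token claims the rule produced.
function runRule(rule, user) {
  let claims;
  rule(user, { idToken: {} }, (err, _user, ctx) => {
    if (err) throw err;
    claims = ctx.idToken;
  });
  return claims;
}

// Constructed sample profiles, shaped like the JSON in the question.
const adUser = { email: 'mas@test.com', nickname: 'mas', user_secret_login: 'masXX@test.com' };
const dbUser = { email: 'other@test.com', nickname: 'other' }; // attribute absent
const oddUser = { email: 'x@test.com', user_secret_login: { nested: true } }; // wrong type

console.log(runRule(addSecretLoginClaim, adUser));  // claim present
console.log(runRule(addSecretLoginClaim, dbUser));  // {}
console.log(runRule(addSecretLoginClaim, oddUser)); // {}
```

ID token claims are readable by the client application and by anyone who holds the token, so only map directory attributes that are safe to disclose there.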

Thanks. It works well 🙂

2 Likes