JWT token isn't saved in rule

dan.kopriva · December 14, 2017, 6:56pm

I have problem with rule after signUp and login user. I am using Auth0Lock v10 and option loginAfterSignUp is left as default ( true ).

My rule saves user.email into JWT (accessToken) token (see below), but this email isn’t set in my event callback authenticated. Keys which are in JWT (accessToken) are aud, azp, exp, sub etc. but no https://example.io/email. If I debug rule in Real-time Webtask Logs my console.logs are visible and JWT (accessToken) is properly set, even after first login.

After logout and login again is my JWT (accessToken) token OK and email is visible.

My rule:

function (user, context, callback) { 
  console.log('add-user_metadata-to-token_id - start');
  console.log('add-user_metadata-to-token_id - user ', user);
  console.log('add-user_metadata-to-token_id - context: ', context);
  
  var namespace = 'https://example.io/';
  
  context.accessToken[namespace + 'email'] = user.email;
     
  console.log('add-user_metadata-to-token_id - idToken', context.idToken);
  console.log('add-user_metadata-to-token_id - accessToken', context.accessToken);
  
  callback(null, user, context);
}

Auth-lock version: 10.24.1

{
  leeway: 30, 
  theme: {
    primaryColor: '#6e40ff',
    logo: amioLogoImage
  },
  allowShowPassword: true,
  languageDictionary: {
    title: ''
  },
  oidcConformant: true,
  autoclose: true,
  rememberLastLogin: true,
  auth: {
    redirectUrl: 'http://localhost:9000/app/login',
    autoParseHash: true,
    sso: true,
    responseType: 'token',
    audience: 'https://example.io'
  },
  additionalSignUpFields: {
    name: 'webapp_url',
    placeholder: 'webapp_url',
    prefill: getAuth0Props().webappUrl
  }]
}

Do you have any idea where is the problem or is this some kind of bug?

jmangelo · December 14, 2017, 9:23pm

Using a smaller version of the rule you shows (without the log statements) I could not reproduce the issue and the issued access token contained the custom claim with the user email address. Given that both access tokens and ID tokens can be JWT it might be better to specific and use that terminology instead of JWT token which may refer to one or to the other.

If you can reproduce this consistently you should update your question with the exact Lock configuration you’re using and also the exact Lock version being used so that troubleshooting can be done in equal terms.

In addition, have in mind that access tokens are not meant to be parsed by client application so if you want to have access to the email address in a browser-based application you should request that the email be included as part of the issued ID token (you can do that by making an OIDC request with scope containing openid and email.

dan.kopriva · December 14, 2017, 11:16pm

Thanks for your response.

After downgrade version Auth0-lock to 10.20.0 it is working good, so it’s look there was some problem with version 10.24.1.

dan.kopriva · January 18, 2018, 6:34pm

Auth0-lock version 11 problem: Bug: Access token missing custom fields added in rule - Auth0 Community

Topic		Replies	Views
Rules are working in the debug console, but they don't work when you use them Help rules	6	3338	January 8, 2024
Bug: Access token missing custom fields added in rule Help bug , jwt , rules , access-token	2	4572	July 25, 2019
Custom rule to add user.app_metadata to accessToken does not trigger Help jwt , auth0 , rules	5	7727	January 8, 2024
Idtoken null in web lock 11 Help jwt , auth0 , idtoken , web-lock	2	5591	July 25, 2019
Updating user.name in Auth0 Rule Help rules	1	3222	January 8, 2024

JWT token isn't saved in rule

Related Topics