Make JWT token valid only for the IP that was used to generate it


Hey everyone,

I’m trying to make it so that any JWT is only valid for the IP address that generated it.

Is there a rule I can create or a way to get the IP included in the JWT?
I want to avoid having to write server-side code that queries the Management API or that keeps track of the sessions.



Hey @dandrei!

I think there might be a way to do it. So if you refer to the context object in Rules:

You can access the context object properties. Using context.request you can then access the ip property. From then on you can set it as a custom claim.

Here’s the doc on custom claims:

I think it should probably do the job!
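
A sketch of the approach suggested in the reply above, added here as an example (not code from the thread or from Auth0): a Rule copies context.request.ip into a namespaced custom claim, and the API compares that claim with the caller's address after verifying the token, with no Management API call or session store. The namespace https://example.com/ and all function names are assumptions.

```javascript
// Added example. CLAIM_NS and all function names are assumptions, not from the thread.
const CLAIM_NS = 'https://example.com/'; // hypothetical namespace for the custom claim

// Auth0 Rule: copy the IP seen at login into both tokens as a custom claim.
function bindTokenToIp(user, context, callback) {
  const ip = context.request && context.request.ip;
  if (!ip) return callback(new Error('client IP unavailable'));
  context.idToken = context.idToken || {};
  context.accessToken = context.accessToken || {};
  context.idToken[CLAIM_NS + 'ip'] = ip;
  context.accessToken[CLAIM_NS + 'ip'] = ip;
  return callback(null, user, context);
}

// Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) and plain IPv4 as the same address.
function normalizeIp(ip) {
  const s = ip.trim().toLowerCase();
  const m = /^::ffff:(\d{1,3}(?:\.\d{1,3}){3})$/.exec(s);
  return m ? m[1] : s;
}

// API side: call only with the payload of a token whose signature, issuer and
// audience were already verified. remoteIp must be the real client address
// (behind a proxy, the value supplied by the trusted proxy).
function ipClaimMatches(verifiedPayload, remoteIp) {
  const claim = verifiedPayload[CLAIM_NS + 'ip'];
  if (typeof claim !== 'string' || typeof remoteIp !== 'string') return false;
  return normalizeIp(claim) === normalizeIp(remoteIp);
}

// Constructed login context and requests (documentation-range addresses).
function runConstructedDemo() {
  const context = { request: { ip: '203.0.113.7' }, idToken: {}, accessToken: {} };
  let payload = null;
  bindTokenToIp({}, context, (err, user, ctx) => { if (!err) payload = ctx.accessToken; });
  return {
    claim: payload[CLAIM_NS + 'ip'],
    sameIp: ipClaimMatches(payload, '203.0.113.7'),
    mappedIp: ipClaimMatches(payload, '::ffff:203.0.113.7'),
    otherIp: ipClaimMatches(payload, '198.51.100.9'),
    noClaim: ipClaimMatches({}, '203.0.113.7'),
  };
}

console.log(runConstructedDemo());
```

A token that carries no IP claim is rejected rather than accepted, so tokens issued before the Rule was enabled do not bypass the check.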

