Auth0 Home Blog Docs

Make JWT token valid only for the IP that was used to generate it

jwt
ip
#1

Hey everyone,

I’m trying to make it so that any JWT is only valid for the IP address that generated it.

Is there a rule I can create or a way to get the IP included in the JWT?
I want to avoid having to write server-side code that queries the Management API or that keeps track of the sessions.

Thanks!

#2

Hey @dandrei!

I think there might be a way to do it. So if you refer to context object in Rules:

You can access the context object properties. Using context.request you can then access the ip property. From then on you can set it as a custom claim.

Here’s doc on custom claims:

I think it should probably do the job!

1 Like
closed #3

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.