Modify Claim on JWT Conditionally

Hello, new to using Auth0 so forgive me if this has been addressed somewhere. I am looking to see if it is possible to modify a JWT conditionally, setting a specific claim based on criteria from the app.

Stack - Angular 14 with .NET 6 API

I have an application that has different databases and a user can be assigned to multiple databases based on specific criteria, for example an admin who belongs to multiple accounts that would need to access different information in each database. I have logic in the UI that would allow a user to pick which database they are working in at a given time and can switch between them.

What I would like to do is add a specific claim on that switch indicating a tenant_id. This tenant_id would then be consumed in the API to determine the appropriate connection string to query the database.

From what I have seen, there are Rules which would accomplish the initial task to assign a user to 1 database when their account is created. What I am unsure of is how to make that switch to adjust the claim based on the front-end logic. It would also ideally not require a new login, but would be able to call an endpoint when they choose the database which would generate a new token with the appropriate claim. Would I be able to call the management API to accomplish this? Or is it possible to just modify the token myself in the angular app to add in that claim?

Thanks in advance

Hey there @vrtxdigitalmarketing welcome to the community!

While there are different ways you may want to go about this based on your particular needs, using a combo of RBAC and silent authentication might suit your use case. Please see the following post for an idea of what that might look like:

Alternatively, you may just want to update a user’s profile data/metadata when you know how to “flag” it with the tenant_id you mentioned and then add this as a custom claim to the token on silent auth. Rules/Actions will run again for the silent auth exchange allowing you to add the new metadata as a custom claim at that point.

I understand there’s a lot going and this is just me thinking out loud but I hope it at least gives you an idea of what’s possible!

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.