Not able to add email in access token claim

sachinsharma123 · March 15, 2024, 4:40pm

Hi,

I am trying following code with passwordless flow to add email to access token claim:
exports.onExecutePostLogin = async (event, api) => {
// This action adds the authenticated user’s email address to the access token.

let namespace = event.secrets.NAMESPACE || '';
if (namespace && !namespace.endsWith('/')) {
    namespace += '/';
}

api.accessToken.setCustomClaim(namespace + 'email', event.user.email);

};
But it doesn’t seem to be working. Could see this coming as event object:
{\n transaction: { protocol: ‘oauth2-password’ },\n authentication: undefined,\n authorization: { roles: },\n connection: {\n id: ‘con_waSHQv3KhaErYGTw’,\n metadata: {},\n name: ‘email’,\n strategy: ‘email’\n },\n organization: undefined,"

user object is missing.
Does it even work with passwordless flow or did i miss anything?

rueben.tiow · March 15, 2024, 7:19pm

Hi @sachinsharma123,

Welcome to the Auth0 Community!

Yes, the Passwordless flow will trigger the post-login action flow.

Firstly, please make sure that your namespace adheres to the namespace guidelines listed here.

Then please refer to this knowledge solution for an example of adding custom claims to tokens.

Once that’s done, you can verify that it works by logging in and decoding your access token on jwt.io to see the payload containing the email custom claim.

Let me know how this goes for you.

Cheers,
Rueben

sachinsharma123 · March 18, 2024, 9:52am

Hi,

I followed the link which you shared didn’t help me resolving the issue. I have logged the event object for the action and i don’t see user object in this. Am I missing something:
{
“action_name”: “add-email-to-access-token”,
“response”: {
“logs”: “Sachin {\n transaction: { protocol: ‘oauth2-password’ },\n authentication: undefined,\n authorization: { roles: },\n connection: {\n id: ‘con_waSHQv3KhaErYGTw’,\n metadata: {},\n name: ‘email’,\n strategy: ‘email’\n },\n organization: undefined,”,
“stats”: {
“total_request_duration_ms”: 410,
“total_runtime_execution_duration_ms”: 406,
“runtime_processing_duration_ms”: 5,
“action_duration_ms”: 328,
“runtime_external_call_duration_ms”: 73,
“boot_duration_ms”: 78,
“network_duration_ms”: 5
}
},
“started_at”: “2024-03-18T09:48:52.259496391Z”,
“ended_at”: “2024-03-18T09:48:52.670927130Z”
}

Also i want to add user email to access token. Can you please share any example specific to that usecase as to how i can get hold of user email.

sachinsharma123 · March 18, 2024, 10:16am

sorry, it worked. Thanks for your help

rueben.tiow · March 18, 2024, 11:54pm

Hi @sachinsharma123,

I’m glad to here that it worked!

Please reach out again if you have any additional questions.

Thanks,
Rueben

system · April 1, 2024, 11:55pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.