I am trying the following code with the passwordless flow to add the email to an access token claim:
    exports.onExecutePostLogin = async (event, api) => {
      // This action adds the authenticated user’s email address to the access token.
      let namespace = event.secrets.NAMESPACE || '';
      if (namespace && !namespace.endsWith('/')) {
        namespace += '/';
      }
      api.accessToken.setCustomClaim(namespace + 'email', event.user.email);
    };
But it doesn’t seem to be working. I could see this coming as the event object:
    {\n transaction: { protocol: 'oauth2-password' },\n authentication: undefined,\n authorization: { roles: },\n connection: {\n id: 'con_waSHQv3KhaErYGTw',\n metadata: {},\n name: 'email',\n strategy: 'email'\n },\n organization: undefined,"
The user object is missing.
Does it even work with the passwordless flow, or did I miss anything?
Yes, the Passwordless flow will trigger the post-login action flow.
Firstly, please make sure that your namespace adheres to the namespace guidelines listed here.
Then please refer to this knowledge solution for an example of adding custom claims to tokens.
Once that’s done, you can verify that it works by logging in and decoding your access token on jwt.io to see the payload containing the email custom claim.
I followed the link which you shared, but it didn’t help me resolve the issue. I have logged the event object for the action and I don’t see the user object in it. Am I missing something?
    {
      "action_name": "add-email-to-access-token",
      "response": {
        "logs": "Sachin {\n transaction: { protocol: 'oauth2-password' },\n authentication: undefined,\n authorization: { roles: },\n connection: {\n id: 'con_waSHQv3KhaErYGTw',\n metadata: {},\n name: 'email',\n strategy: 'email'\n },\n organization: undefined,",
        "stats": {
          "total_request_duration_ms": 410,
          "total_runtime_execution_duration_ms": 406,
          "runtime_processing_duration_ms": 5,
          "action_duration_ms": 328,
          "runtime_external_call_duration_ms": 73,
          "boot_duration_ms": 78,
          "network_duration_ms": 5
        }
      },
      "started_at": "2024-03-18T09:48:52.259496391Z",
      "ended_at": "2024-03-18T09:48:52.670927130Z"
    }
Also, I want to add the user email to the access token. Can you please share an example specific to that use case showing how I can get hold of the user email?
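
An added example, not part of the original thread and not Auth0's own code: a defensive variant of the Action above that sets the claim only when `event.user.email` is present and logs a narrow summary instead of the whole event, which also carries `event.secrets`. The helper names `claimFor` and `summarize`, the URL-style namespace check and the sample events are assumptions of this example.

```javascript
// Added example: defensive variant of the thread's post-login Action.
// claimFor() and summarize() are hypothetical helper names, not Auth0 APIs.

// Decide which claim to set, or why none can be set.
function claimFor(event) {
  let namespace = (event.secrets && event.secrets.NAMESPACE) || '';
  // Assumption of this example: the namespace is a URL-style prefix.
  if (!/^https?:\/\/[^\s/]+/.test(namespace)) {
    return { skip: 'NAMESPACE secret is missing or not a URL' };
  }
  if (!namespace.endsWith('/')) namespace += '/';
  if (!event.user) return { skip: 'event.user is missing' };
  if (typeof event.user.email !== 'string' || event.user.email === '') {
    return { skip: 'event.user.email is missing' };
  }
  return { name: namespace + 'email', value: event.user.email };
}

// Log selected fields only: the full event also carries event.secrets.
function summarize(event) {
  return {
    protocol: event.transaction && event.transaction.protocol,
    connection: event.connection && event.connection.name,
    hasUser: Boolean(event.user),
    hasEmail: Boolean(event.user && event.user.email),
  };
}

const onExecutePostLogin = async (event, api) => {
  const claim = claimFor(event);
  if (claim.skip) {
    console.log('email claim skipped:', claim.skip, JSON.stringify(summarize(event)));
    return;
  }
  api.accessToken.setCustomClaim(claim.name, claim.value);
};
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;

// Constructed sample events for a local run (values are made up).
const sampleWithUser = {
  secrets: { NAMESPACE: 'https://example.test' },
  transaction: { protocol: 'oauth2-password' },
  connection: { name: 'email', strategy: 'email' },
  user: { email: 'user@example.test' },
};
const sampleWithoutUser = { ...sampleWithUser, user: undefined };
```

The skip reason in the Action log shows whether the namespace secret or the user profile is the missing piece, without writing secrets to the log.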