Not Getting app_metadata Claims (OIDC Client)

Hello,

I’m using the new Auth0.oidcClient with my .NET app. I’m successfully authenticating against my API and everything is working as far as the authentication goes; however, I’m not receiving any of my custom claims from my app_metadata. For example, I have in my app_metadata a property called “app_metaDataproperty” and it’s not returned as a claim.

    // Class-level field: OIDC client configured from app settings
    private Auth0Client auth0 = new Auth0Client(ConfigurationManager.AppSettings["auth0:Domain"],
                                                ConfigurationManager.AppSettings["auth0:ClientId"],
                                                null,
                                                "openid profile app_metaDataproperty",
                                                true);

    // Inside the login handler:
    // Attempt to log in
    var LoginResult = await auth0.LoginAsync(ExtraParms);

    // Next, attempt to get to the protected resource on the web API
    if (LoginResult.IsError == false)
    {
        var client = new RestClient("http://localhost:5896/api/ping/claims");
        var request = new RestRequest(Method.GET);
        // Send the access token as a bearer credential
        request.AddHeader("authorization", string.Format("Bearer {0}", LoginResult.AccessToken));

        IRestResponse response = client.Execute(request);
        System.Windows.Forms.MessageBox.Show(response.StatusCode.ToString());
    }

If I make a call out to the /userinfo endpoint, it too doesn’t return my app_metadata.

Is there any way to get the app_metadata into my claims if I’m using the OIDC client?

Thanks.

OIDC-Conformant Clients require that custom claims are namespaced. You can add custom claims through the use of Rules like so:

    function (user, context, callback) {
      // Custom claims must carry a namespace prefix
      const namespace = 'https://myapp.example.com/';
      context.idToken[namespace + 'favorite_color'] = user.favorite_color;
      context.idToken[namespace + 'preferred_contact'] = user.user_metadata.preferred_contact;
      // Hand the updated user and context back to the pipeline
      callback(null, user, context);
    }

To update the contents of the access_token, simply replace context.idToken with context.accessToken.

The following resources should provide some additional clarity:


This document seems to resolve my issue by adding a custom rule:

https://auth0.com/docs/api-auth/tutorials/adoption/scope-custom-claims
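
The rule approach from the answer, applied to the `app_metaDataproperty` value from the question, as an added example that is not part of the original thread or Auth0's own code. The allow-list, the function names `addAppMetadataClaims` and `runRule`, and the sample users are assumptions made for illustration; the local harness only stands in for the rules runtime.

```javascript
// Added example. In the Auth0 dashboard the rule is an anonymous function;
// it is named here so it can be exercised locally.
const NAMESPACE = 'https://myapp.example.com/'; // namespace used in the answer above

// Allow-list (assumption): app_metadata often holds internal fields, so copy
// only the keys the client and API actually need instead of the whole object.
const ALLOWED_KEYS = ['app_metaDataproperty'];

function addAppMetadataClaims(user, context, callback) {
  // app_metadata is absent for users that have never had any set
  const appMetadata = user.app_metadata || {};
  for (const key of ALLOWED_KEYS) {
    if (!Object.prototype.hasOwnProperty.call(appMetadata, key)) continue;
    // ID token: read by the client. Access token: read by the API.
    context.idToken[NAMESPACE + key] = appMetadata[key];
    context.accessToken[NAMESPACE + key] = appMetadata[key];
  }
  callback(null, user, context);
}

// Constructed harness standing in for the rules runtime.
function runRule(user) {
  let result;
  addAppMetadataClaims(user, { idToken: {}, accessToken: {} }, (err, u, ctx) => {
    if (err) throw err;
    result = ctx;
  });
  return result;
}

// Constructed sample users (not real accounts).
const withMetadata = runRule({
  user_id: 'auth0|sample-1',
  app_metadata: { app_metaDataproperty: 'value-1', internal_notes: 'not for tokens' },
});
const withoutMetadata = runRule({ user_id: 'auth0|sample-2' });

console.log(withMetadata.idToken);
console.log(withoutMetadata.idToken);
```

On the API side the value then appears under the full claim name `https://myapp.example.com/app_metaDataproperty`, not under the bare property name.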