Auth0 Home Blog Docs

Passwordless id token does not contain what I ask for

token
passwordless

#1

I configured my passwordless Authentication Parameters like so:

{"scope": "openid email profile picture app_metadata"}

I am using the social providers + email code Lock widget. After logging in, my tokens only contain iss, sub, aud, exp and iat.


#2

In order to align with OIDC specifications, you need to add non-OIDC claims by namespacing them through Rules:
https://auth0.com/docs/api-auth/tutorials/adoption/scope-custom-claims


#3

I think I may have misunderstood the option here - I suspect the admin option controls the “email link”, and not the email code login. I set authOptions on the passwordless lock component, and now it works as I want.


#4