Auth0 Home Blog Docs

Passwordless id token does not contain what I ask for



I configured my passwordless Authentication Parameters like so:

{"scope": "openid email profile picture app_metadata"}

I am using the social providers + email code Lock widget. After logging in, my tokens only contain iss, sub, aud, exp and iat.


In order to align with OIDC specifications, you need to add non-OIDC claims by namespacing them through Rules:


I think I may have misunderstood the option here - I suspect the admin option controls the “email link”, and not the email code login. I set authOptions on the passwordless lock component, and now it works as I want.