Post Login Action - Claims Missing in JWT

Hi everyone,

I’ve searched extensively on this topic and found it brought up multiple times, but haven’t come across a clear solution.

I’m trying to set custom claims in the JWT idToken and accessToken using a Post Login Action in Auth0. Here’s what I’ve done so far:

  1. Created a Post Login Action with the following code:
exports.onExecutePostLogin = async (event, api) => {
    const namespace = 'namespace-preffix';

    if (event.authorization) {
        console.log(event.authorization.roles); // Successfully logs the roles
        api.idToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
        api.accessToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
    }
};
  2. Bound the Action to the appropriate Post Login flow in the Triggers section.

Despite this setup:

  • The roles are successfully logged in the Action Logs (event.authorization.roles logs correctly).
  • However, the custom claims never show up in the JWT idToken or accessToken.

I expect the custom claim (namespace/roles) to appear in the token payload, but it’s consistently missing.

Has anyone encountered this issue or know of any steps I might be missing? Any guidance would be greatly appreciated!

Hi @3dyuval ,

Would you mind sharing:

  • The format of your roles (not real data) when it’s logged?

Try explicitly converting it to an array if needed:

api.idToken.setCustomClaim(`${namespace}/roles`, Array.from(event.authorization.roles));

You can also check the guidelines for using a namespace identifier here:

You also need to verify your client application is configured to receive these custom claims:

  • Check if the client’s “Token Endpoint Authentication Method” is properly set
  • Verify that the necessary scopes are included in your authentication request

Hi @3dyuval

Welcome to the Auth0 Community!

Thank you for posting your question. The Action code for adding the claims looks good, and I successfully tested similar code a few minutes ago. Could you check if your application is passing the audience in the request? I’m guessing that you could be getting an opaque token, not a valid JWT → Why Access Token Is Not a JWT (Opaque Token)

Thanks
Dawid
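Added example, not code from this thread or from Auth0: a small Node.js inspector for the token the client actually receives, which separates the opaque-token case Dawid describes (no decodable payload at all) from a JWT that simply lacks the namespaced claim. The namespace https://example.com and both sample tokens are constructed assumptions; decoding here is for debugging only and does not verify the signature.

```javascript
// Added example (not code from the thread or from Auth0): decode a token the
// client received and explain why a namespaced claim is or is not present.
// Decoding is for debugging only; it does NOT verify the signature.

// Assumed namespace for the constructed sample; the thread uses a placeholder.
const NAMESPACE = 'https://example.com';

function base64UrlEncode(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64url');
}

function base64UrlDecode(segment) {
  return Buffer.from(segment, 'base64url').toString('utf8');
}

// Returns { kind: 'jwt', header, payload } for a three-part compact JWS token,
// otherwise { kind: 'opaque' } (Auth0 issues an opaque access token when the
// request carries no `audience`, so no custom claim can appear in it).
function inspectToken(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { kind: 'opaque' };
  try {
    const header = JSON.parse(base64UrlDecode(parts[0]));
    const payload = JSON.parse(base64UrlDecode(parts[1]));
    if (!header || typeof header !== 'object' || !payload || typeof payload !== 'object') {
      return { kind: 'opaque' };
    }
    return { kind: 'jwt', header, payload };
  } catch {
    return { kind: 'opaque' };
  }
}

// Classifies the outcome for one claim name and suggests what to check next.
function diagnoseClaim(token, claimName) {
  const info = inspectToken(token);
  if (info.kind === 'opaque') {
    return { status: 'opaque-token', hint: 'Pass an API audience so Auth0 issues a JWT access token.' };
  }
  if (!Object.prototype.hasOwnProperty.call(info.payload, claimName)) {
    return { status: 'claim-missing', hint: 'Confirm the Action is deployed and bound to the Login flow and that the claim name matches exactly.' };
  }
  return { status: 'present', value: info.payload[claimName] };
}

// Constructed sample tokens (unsigned; the third segment is a dummy signature).
function makeSampleJwt(payload) {
  return `${base64UrlEncode({ alg: 'RS256', typ: 'JWT' })}.${base64UrlEncode(payload)}.dummysig`;
}
const SAMPLE_JWT = makeSampleJwt({ sub: 'auth0|123', [`${NAMESPACE}/roles`]: ['admin'] });
const SAMPLE_OPAQUE = 'k3xS7Qp9mZ2vT0eR'; // constructed, not a real token
```

Run it against the real access token and ID token your client stores (never log them outside a local debugging session): an `opaque-token` result means the audience is missing from the request, while `claim-missing` on a JWT points back at the Action binding or the claim name.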