Post-Login Action not adding email to access token

sweet · January 10, 2023, 3:32am

I want to add the user’s email as a custom claim on my API access token. Following these instructions, I created a Post-Login Action to do so:

exports.onExecutePostLogin = async (event, api) => {
    // This adds the authenticated user's email address to the access token.
  if (event.authorization) {
    const namespace = 'https://dev-hnvbea5l8bn2ww66.us.auth0.com'; // this is my token issuer
    api.accessToken.setCustomClaim(`${namespace}/claims/email`, event.user.email);
  }
};

The test doesn’t allow me to see what the modified access token will look like, like Rules tests did, but all seems ok here:

The Action is included in the Login flow:

But when I get an access token, either using cURL or getAccessTokenSilently, it doesn’t include the custom claim:

I see that the Action runs in the logs for login events, but it doesn’t appear to run for credential-token exchanges.

How can I fix this and get the custom claim added to the access token fetched via getAccessTokenSilently, which is what I really need the email added to?

eric.culley · January 11, 2023, 12:14am

Hi @sweet

It appears that you’re using a restricted namespace format. Our documentation states the following:

Use any non-Auth0 HTTP or HTTPS URL as a namespace identifier. Auth0 domains cannot be used as namespace identifiers, and include auth0.com

Try updating your namespace variable to a value that does not include ‘auth0.com’.

system · January 25, 2023, 12:15am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.