Post-Login Action not adding email to access token

I want to add the user’s email as a custom claim on my API access token. Following these instructions, I created a Post-Login Action to do so:

exports.onExecutePostLogin = async (event, api) => {
    // This adds the authenticated user's email address to the access token.
  if (event.authorization) {
    const namespace = 'https://dev-hnvbea5l8bn2ww66.us.auth0.com'; // this is my token issuer
    api.accessToken.setCustomClaim(`${namespace}/claims/email`, event.user.email);
  }
};

Screenshot 2023-01-09 at 9.52.22 PM1566×758 85.7 KB

The test doesn’t allow me to see what the modified access token will look like, like Rules tests did, but all seems ok here:

Screenshot 2023-01-09 at 9.54.53 PM1244×596 94.7 KB

The Action is included in the Login flow:

Screenshot 2023-01-09 at 9.55.36 PM823×613 21.5 KB

But when I get an access token, either using cURL or getAccessTokenSilently, it doesn’t include the custom claim:

Screenshot 2023-01-09 at 10.06.13 PM128×518 8.23 KB

I see that the Action runs in the logs for login events, but it doesn’t appear to run for credential-token exchanges.

Screenshot 2023-01-09 at 10.26.59 PM1024×889 52.1 KB

Screenshot 2023-01-09 at 10.00.40 PM1044×909 44.6 KB

Screenshot 2023-01-09 at 10.02.14 PM1029×883 39.5 KB

How can I fix this and get the custom claim added to the access token fetched via getAccessTokenSilently, which is what I really need the email added to?

Hi @sweet

It appears that you’re using a restricted namespace format. Our documentation states the following:

Use any non-Auth0 HTTP or HTTPS URL as a namespace identifier. Auth0 domains cannot be used as namespace identifiers, and include auth0.com

Try updating your namespace variable to a value that does not include ‘auth0.com’.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.