Question about custom action (from a newbie)

Get Help
,
1

Hi,

This is my first post here, so hello!

I wanted Roles populated in the JWT for my Application so I wrote a custom Action and used it in a Login Flow. It works fine. A question I have is about the Javascript. I used the code from this example in the docs, however I want to exclude the namespace so the function will look like this:

exports.onExecutePostLogin = async (event, api) => {
  if (event.authorization) {
    api.idToken.setCustomClaim('roles', event.authorization.roles);
    api.accessToken.setCustomClaim('roles', event.authorization.roles);
  }
}

For some reason this doesn’t work without the namespace being appended to roles (as in the docs example). These setters are setting values in a simple map (I assume) so why doesn’t my code without the namespace work?

Thanks

3

Hi there @asmith2306 welcome to the community!

This doesn’t work because roles is a reserved claim - You’ll either need to use namespace (generally recommended) or a non-reserved string.

Cheers!

4

Ok that makes sense. Another question to add is why roles is populated without the need for an Action/Flow in an API JWT, but not an Application JWT?

Thanks

5

I assume you are referring to access tokens vs. ID tokens - The roles are automatically included in an access token when utilizing RBAC as the access token is used in authorization against an API whereas the ID token is used for authentication purposes.

6

Ok thanks. I’ll reading the docs, etc. Thanks for your time.

7

No problem, happy to help!