Refreshed token doesn't include the custom claim added during login

ameen · July 15, 2024, 9:52pm

Hello guys,

I have a custom action that I added to the “Login” flow to add custom claims, in this case the email of the user:

exports.onExecutePostLogin = async (event, api) => {
if (event.authorization) {
api.accessToken.setCustomClaim(“email”, event.user.email);
}
};

On my Android app, I’m using the refresh token to get a new access token, it works however the new access token doesn’t have the custom claim, how can I allow new access tokens have the same claims (using the refresh token)?

Here’s my Android code that does the refresh (for reference):

val client = AuthenticationAPIClient(auth0)
var newAccessToken = “”
try {
client.renewAuth(refreshToken)
.start(object: Callback<Credentials, AuthenticationException> {
override fun onFailure(error: AuthenticationException) {
Log.e(“AUTH0 Error”, “onFailure: $error”)
}

        override fun onSuccess(result: Credentials) {
          newAccessToken = result.accessToken
          Log.e("AUTH0 Success", "onSuccess: $result")
        }
      })

taylor.briggs · July 17, 2024, 6:11pm

Why do you wrap it in the conditional? That event property is likely not included when using the refresh token, which is why the claim is missing from the refreshed access token. If you always want the email claim included in your access token, remove the condition.

ameen · July 17, 2024, 6:49pm

Thanks @taylor.briggs, let me check and confirm.