Remove Claims from ID Token with Post Login Action

Problem statement

Can the ‘nickname’ and ‘picture’ claim from the ID token be removed after a user authenticates successfully. This was possible with Rules previously. What is the recommended solution for the use case when leveraging Actions?


The claims will be found in the ‘event’ object in Actions and those values are immutable so deletion is not possible. To change claims as they appear in an ID Token, use the following pattern to set an alternative name for the claim that indicates it has been removed:

api.idToken.setCustomClaim('picture', undefined);