Roles not included in custom claim through actions

joel.paredes · June 1, 2022, 3:22pm

Hi!

I need to retrieve the user assigned roles on login. I have added an action that adds a custom claim as follows:

exports.onExecutePostLogin = async (event, api) => {
  const namespace = 'https://example.com';

  if (event.authorization) {
    api.idToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
    api.accessToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
  }
}

However, the access token gives

"https://example.com/roles": [],

I am using organizations. I have also activated RBAC in my default audience api and the permissions claim is empty as well.

"permissions": []

Any idea of what is causing this?

joel.paredes · June 1, 2022, 3:48pm

Never mind, I found the issue.

For anyone facing the same as me. I needed to add organization specific roles. Here are the docs:

ty.frith · June 1, 2022, 6:22pm

Hey @joel.paredes thanks for following up with the solution, glad you were able to get this sorted!

Topic		Replies	Views
Unable to Retrieve Custom "Roles" Claim from Access Token at /userinfo Endpoint Get Help extensibility , actions-extensibility	12	2718	July 28, 2023
Add "roles" to access token Get Help configuration , application	1	1576	April 16, 2024
Payload has no roles in accessToken Get Help classic-universal-login-experience , login-experience	6	1046	April 12, 2023
Add Roles/Claims to the access token via Login Flow Get Help login-experience , new-universal-login-experience	2	458	April 15, 2024
Can't find custom claims in idToken Get Help user-profile , user-management	6	105	March 14, 2025

Roles not included in custom claim through actions

Related topics