I’m trying to add properties to the access token in a rule via context.accessToken, so that the client (a Vue app) will get them on a successful auth.
When testing the rule with mock data in the rules sandbox in Auth0’s dashboard, the changes appear in the access token as expected.
However, when testing via the actual login form that’s integrated with my application, the changes don’t appear in the access token returned to the client.
I’m using the new universal login for single page applications (@auth0/auth0-spa-js). The method is login with redirect.
I’m passing an audience to options when creating the Auth0 client, so the access token returned in the response is JWT as expected.
Why aren’t the rule’s changes to the access token reflected in the response to the client?
You can easily test this by creating a new rule from the template: Access Control → Add email to access token.