Up until two days, the rule below was working perfectly - after a user authenticated we could see the app_metadata in their JWT:
function (user, context, callback) {
var namespace = '';
context.idToken[namespace + 'app_metadata'] = user.app_metadata;
callback(null, user, context);
}
Then two days ago, we no longer got app_metadata in the JWT - no errors, just no app_metadata. After a lot of testing, we worked out that a blank namespace now needed to be a FQDN.
We then had to refactor our front end and middleware to handle this change.
Then this morning, just before deploying the updates, we started to get app_metadata in our tokens again, even though the namespaces were blank!
It felt like there was code change in auth0 that broke blank namespaces, then this code change was rolled back or fixed.
Pretty frustrating. Can anyone else shed some light on this?