[Rules] Is it possible to access the signed JWT token values within rules after they are serialized?

[Rules] Is it possible to access the signed JWT token values within rules after they are serialized?

So I can use the value when calling a 3rd party api to get a federated identity to put in the Auth0 auth result when it’s sent to the client.

I am not sure this is possible and I may need to handle it in my app code if not.

I’ve tried this

but I get this error when trying the rule

ERROR: Cannot read property 'signing_secret' of undefined

Thanks.

I got it :slight_smile:

In the testing harness the clientsecret has to be specified in the payload duh.

var jwt = require('jsonwebtoken@7.1.9');
  var request = require('request@2.56.0');

  var userInfoToken = jwt.sign(
    {
      email: user.email,
      iat: Math.floor(Date.now() / 1000) - 2
    },
    'MyClientSecret',
    {
      expiresIn: 4,
      audience: context.request.query.audience,
      issuer: 'https://' + context.request.hostname + '/'
    }
  );

I was able to do a quick test by putting the secret in the Auth0 rule and it outputted the JWT so this solution works.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.