[Rules] Is it possible to access the signed JWT token values within rules after they are serialized?

coreyh · September 25, 2018, 11:28am

So I can use the value when calling a 3rd party api to get a federated identity to put in the Auth0 auth result when it’s sent to the client.

I am not sure this is possible and I may need to handle it in my app code if not.

I’ve tried this

but I get this error when trying the rule

ERROR: Cannot read property 'signing_secret' of undefined

Thanks.

coreyh · September 25, 2018, 11:54am

I got it

In the testing harness the clientsecret has to be specified in the payload duh.

var jwt = require('jsonwebtoken@7.1.9');
  var request = require('request@2.56.0');

  var userInfoToken = jwt.sign(
    {
      email: user.email,
      iat: Math.floor(Date.now() / 1000) - 2
    },
    'MyClientSecret',
    {
      expiresIn: 4,
      audience: context.request.query.audience,
      issuer: 'https://' + context.request.hostname + '/'
    }
  );

I was able to do a quick test by putting the secret in the Auth0 rule and it outputted the JWT so this solution works.

system · October 25, 2018, 11:54am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Jwt.sign within rule generates invalid token frequently Help token , jwt	5	6426	March 2, 2018
Get the JWT access token from within rules Help	6	4155	December 19, 2020
Can I generate a JWT token by using the application's private key inside the rule? JWT.io jwt , rules	3	3254	January 8, 2024
Ability to 'obtain' the access_token JWT within a rule? JWT.io jwt , login	1	4025	July 17, 2018
Can't Validate Token w/JWT Help sessions , authentication-sessions	4	1950	June 11, 2023

[Rules] Is it possible to access the signed JWT token values within rules after they are serialized?

Related Topics