Hey @rueben.tiow , thanks a lot for you answer, but let’s clarify some related questions.
Previously, with Rules, we didn’t use namespaced claims, we just set “connection” to the “user”, right how it was specified in the “scopes”.
Currently, you recommend use using namespace claims, so some questions are coming:
1 - should we update our scopes prop with this new namespaced ID instead of “connection”?
2 - AFAIU it will come to the JWT body with this URL like prop as well, right?
3 - So we will need to update our BE logic to get this updated parameter from JWT body (replace “connection”), correct?
That is quite interesting. I am unsure how the Rule managed to work without a namespace. But, all of our examples illustrate with a namespace. If you have a moment, please take a look at this doc for clarity on appending custom claims in Rules.
No, you will not need to do that. The claims are appended to the ID token post-authentication, and writing the Action will suffice for that. The scope parameter is used to specify the permissions for API access (i.e read:reports). See here for details.
Yes, your custom claims will appear in the JWT body payload. For example, you will see something like
... other claims below
Yes, you can decode the JWT token to get the custom claim in the payload data.