We currently use simple “Username-Password-Authentication” connection to our custom database and request the next scopes: ‘openid email connection’. Also using google IdP with the same rules.
AFAIU all three scopes' data should go to the ID token JWT body; the first two come right from the user db data, but "connection" was added via the following Rule:
I understand you are migrating from Rules to Actions and have some questions about setting custom claims to the ID Token.
To do so, you will need to prepend a namespace to your custom claims. Note that a custom claim must take the form of a URI and cannot use reserved namespaces. See below for an example.
Hey @rueben.tiow, thanks a lot for your answer, but let's clarify some related questions.
Previously, with Rules, we didn't use namespaced claims; we just set "connection" on the "user", just as it was specified in the "scopes".
Currently, you recommend using namespaced claims, so some questions come up:
1 - should we update our scopes prop with this new namespaced ID instead of “connection”?
2 - AFAIU it will come to the JWT body with this URL like prop as well, right?
3 - So we will need to update our BE logic to get this updated parameter from JWT body (replace “connection”), correct?
That is quite interesting. I am unsure how the Rule managed to work without a namespace. But, all of our examples illustrate with a namespace. If you have a moment, please take a look at this doc for clarity on appending custom claims in Rules.
No, you will not need to do that. The claims are appended to the ID token post-authentication, and writing the Action will suffice for that. The scope parameter is used to specify the permissions for API access (e.g., read:reports). See here for details.
Yes, your custom claims will appear in the JWT body payload. For example, you will see something like
{
"https://my-app.example.com/connection": "Username-Password-Authentication",
... other claims below
}
Yes, you can decode the JWT token to get the custom claim in the payload data.
Dear @rueben.tiow,
It looks like I need some more assistance from your side.
I've just tried to set the namespaced custom claim on my ID token within the Action, but I don't see any changes in my JWT body.
I tried different URLs for the namespace, incl. our Auth0 subdomain /oauth/ro request URL (https://{our-tenant-name}.auth0.com) and our actual staging website URL, but no luck.
I even just tried to add the ID token custom claim directly in the Rule via the following code:
Lastly, I have just tested your Rule, and everything works. I’ve checked the ID token and obtained the "http://test.net/test" : "test" claim. I attached a snippet of my payload: