I was able to add my scopes to my access_token with this rule excerpt:
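// Auth0 rule excerpt: derive the access token's scopes from the request.
// NOTE(review): `context`, `roles` and `intersect` are defined outside this
// excerpt; `intersect` is assumed to return a plain array — confirm.

// The `scope` query parameter is supplied by the caller, so it is only used
// after being reduced to the allow-list below.
var requested_scopes_string = context.request.query.scope || '';
var requested_scopes = requested_scopes_string.split(' ');
// Fixed: the allow-list array literal was missing its opening `[`.
var allowed_scopes = intersect(requested_scopes, ['openid', 'profile', 'email']);
if (context.accessToken) {
  // Work on a copy: pushing roles into `allowed_scopes` itself would leak them
  // into every later use of that array (and duplicate them if roles are
  // appended a second time elsewhere in the rule).
  context.accessToken.scope = allowed_scopes.slice();
  // NOTE(review): role names land in `scope` next to the OAuth scopes, so an
  // API that authorizes on scope strings cannot tell the two apart — confirm
  // that is intended.
  roles.forEach(function (role) {
    context.accessToken.scope.push(role);
  });
}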
However, they don’t appear in my idToken if I use the same code:
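// Mirror of the access-token logic, applied to the ID token.
// NOTE(review): with oidcConformant enabled (as in the call parameters on this
// page), Auth0 is documented to drop ID-token claims that are neither standard
// OIDC claims nor namespaced custom claims; `scope` is neither, which would
// explain why this assignment has no visible effect. A namespaced claim such as
// context.idToken['https://NAMESPACE.example/roles'] (placeholder namespace) is
// the usual route — confirm against the Auth0 documentation.
if (context.idToken) {
  // Copy first so the role pushes below do not mutate the shared
  // `allowed_scopes` array (which the access token may also reference).
  context.idToken.scope = allowed_scopes.slice();
  roles.forEach(function (role) {
    context.idToken.scope.push(role);
  });
}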
I also tried this:
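// Persist the roles on the user's app_metadata, then hand control back to the
// rule pipeline.
// NOTE(review): storing roles in app_metadata does not by itself place them in
// any token; a claim still has to be set on context.idToken /
// context.accessToken — confirm against the Auth0 documentation.

// Guard: presumably app_metadata is undefined for a user who has none yet;
// without this default the property assignment below would throw.
user.app_metadata = user.app_metadata || {};
user.app_metadata.roles = roles;
auth0.users.updateAppMetadata(user.user_id, user.app_metadata)
  .then(function () {
    // Success: continue with the (updated) user and context.
    callback(null, user, context);
  })
  .catch(function (err) {
    // Failure to persist is reported through the callback's error argument.
    callback(err);
  });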
I’m calling it with these parameters (among others):
oidcConformant: true,
responseType: "token id_token"
scope: "openid email profile api",
Any idea why the id_token / profile doesn’t give me the scopes back, even though the access_token does?