Set ID Token Claims using Actions

Last Updated: Aug 12, 2024

Overview

This article details how to set ID Token claims using Actions.

Applies To

  • ID Token
  • Claims
  • Actions

Solution

It is possible to populate ID Tokens and Access Tokens (AT) with custom claims using a Post Login Action.

Our Post Login Actions have access to two objects that offer different features. These objects are:

The Event object offers access to Properties related to the Authentication Request, such as client ID, connection name, transaction, etc.

The API object provides a set of Methods that can be used to perform different actions, such as adding custom claims.

To add a custom claim to an ID Token, use the following function:

api.idToken.setCustomClaim(name, value);

A complete Post Login Action that adds a custom claim to the ID Token would look like this:

exports.onExecutePostLogin = async (event, api) => {
    api.idToken.setCustomClaim('my-custom-claim', 'my-value');
};

Similarly, it is possible to add Custom Claims to an Access Token by referencing it before calling the setCustomClaim function:

api.accessToken.setCustomClaim('my-custom-claim', 'my-value');

Related References