Hello Auth0 Community,
I am having trouble retrieving custom “roles” claims from an access token using the /userinfo endpoint. I’ve set up an Auth0 Identity Provider (IdP) and Service Provider (SP), where the SP redirects a user to the IdP for authentication. Upon authentication, the user is redirected back to my application, and both access and ID tokens are generated successfully.
I’ve added custom “roles” claims to these tokens, expecting to retrieve them through the /userinfo endpoint. In my IdP, I’ve added the following custom login action:
// Post-login Action: copy the user's roles and profile fields into the
// ID token and the access token under a namespaced claim name.
exports.onExecutePostLogin = async (event, api) => {
  const namespace = 'abcnamespace';

  // Roles assigned to the user via Auth0 authorization (may be undefined)
  api.idToken.setCustomClaim(`${namespace}/role`, event?.authorization?.roles);
  api.accessToken.setCustomClaim(`${namespace}/role`, event?.authorization?.roles);

  // Fixed test value to confirm that custom claims reach the tokens at all
  api.idToken.setCustomClaim(`${namespace}/testdata`, "123");
  api.accessToken.setCustomClaim(`${namespace}/testdata`, "123");

  // Optional name fields from user_metadata
  if (event?.user?.user_metadata?.first_name) {
    api.idToken.setCustomClaim(`${namespace}/given_name`, event.user.user_metadata.first_name);
    api.accessToken.setCustomClaim(`${namespace}/given_name`, event.user.user_metadata.first_name);
  }
  if (event?.user?.user_metadata?.last_name) {
    api.idToken.setCustomClaim(`${namespace}/family_name`, event.user.user_metadata.last_name);
    api.accessToken.setCustomClaim(`${namespace}/family_name`, event.user.user_metadata.last_name);
  }
};
Here, “family_name” and “given_name” are added correctly to the tokens and can be retrieved using the /userinfo endpoint. However, the “role” claims, while they appear in the user’s rawData on the Auth0 SP dashboard (albeit without the namespace), cannot be retrieved from either the access token or the /userinfo endpoint.
From the client-side, I pass the audience as follows:
import { Auth0Provider } from '@auth0/auth0-react';

// Wrap the app so the SDK requests an access token for the given audience
<Auth0Provider
  {...providerConfig}
  scope="openid profile email read:current_user update:current_user_metadata"
  audience="my-audience-here"
>
  {children}
</Auth0Provider>
I also attempted adding “read:roles read:role_members” to the scope, but without success.
FYI, I have read almost all the custom claims posts in the Auth0 Community but nothing seems to work, including this one: “How to add Roles and Permissions to the ID Token using Actions?”
I would appreciate any insights or suggestions on how to correctly add and retrieve these custom “role” claims from the access token and the /userinfo endpoint.
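An added diagnostic, not code from the original post, that decodes the ID token and access token payloads and lists which claims under the namespace each one carries, next to the /userinfo response, so a claim missing from one source (here `abcnamespace/role`) stands out. The sample tokens and userinfo body are constructed inline to mirror the symptom described above.

```javascript
// Added diagnostic: compare namespaced custom claims across the ID token,
// the access token and a /userinfo response. This only decodes the payload;
// the signature is NOT verified, so never use this path for authorization.
const NAMESPACE = 'abcnamespace'; // namespace used in the Action above

// Decode a JWT payload (second dot-separated segment) without verification.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Claim names under the namespace, with the "<namespace>/" prefix removed.
function namespacedClaims(claims, namespace = NAMESPACE) {
  const prefix = `${namespace}/`;
  return Object.keys(claims)
    .filter((k) => k.startsWith(prefix))
    .map((k) => k.slice(prefix.length))
    .sort();
}

// For each source, return the expected claims that are missing from it.
function auditClaims({ idToken, accessToken, userinfo }, expected) {
  const sources = {
    idToken: decodeJwtPayload(idToken),
    accessToken: decodeJwtPayload(accessToken),
    userinfo,
  };
  const report = {};
  for (const [name, claims] of Object.entries(sources)) {
    const present = namespacedClaims(claims);
    report[name] = expected.filter((c) => !present.includes(c));
  }
  return report; // { source: [missing claim names] }
}

// Constructed sample tokens with a placeholder signature (not verifiable),
// mirroring the post: given_name arrives, role never does.
function makeSampleToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(payload)}.placeholder`;
}
const SAMPLE = {
  idToken: makeSampleToken({ sub: 'auth0|1', [`${NAMESPACE}/given_name`]: 'Ada', [`${NAMESPACE}/testdata`]: '123' }),
  accessToken: makeSampleToken({ sub: 'auth0|1', aud: 'my-audience-here', [`${NAMESPACE}/given_name`]: 'Ada', [`${NAMESPACE}/testdata`]: '123' }),
  userinfo: { sub: 'auth0|1', [`${NAMESPACE}/given_name`]: 'Ada' },
};

console.log(auditClaims(SAMPLE, ['role', 'given_name', 'testdata']));
```

Run it against real tokens by replacing SAMPLE with the values from the SDK and a fetched /userinfo body; any claim that only shows up in some sources points at where the claim is being dropped.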