Unexpected Claims in the Client Credentials Access Token

gabriela.pantea · August 13, 2024, 8:14pm

Overview

When migrating over to using Actions instead of hooks, some unexpected claims are seen in the token:

  "statusCode": 200,
  "headers": {},
  "status": "success",

Applies To

Hooks
Actions
Client credentials

Cause

This can be caused by passing an empty callback within a client credentials hook, for example, to attempt an early exit from the hook as part of the migration to Actions for a certain client ID.

E.g.

if (client.name === "<Client name being migrated here>") {        
   return cb();
}

Solution

The hook callback should pass null and access_token parameters. For example, an early exit could look like:

if (client.name === "<Client name being migrated here>") {       
   let access_token = {
      scope: scope
   };
   return cb(null,access_token);
}

Actions are executed after hooks so they can be used to modify the access token further as required.

Topic		Replies	Views
Add custom parameter from request in access token through hooks in client credential flow Help auth0net , sdks-quickstarts	1	1154	January 8, 2024
Customising status code returned from hooks Help hooks , client-credentials-f	2	4061	March 2, 2018
Rule and action with the same business logic behave differently during post login Help classic-universal-login-experience , login-experience	3	1323	January 8, 2024
Client credentials restrict scope with action instead of hook Help extensibility , actions-extensibility	4	1226	January 8, 2024
Problem to migrate rules to action Help token-info-tokeninfo , deprecations	2	28	September 6, 2024

Unexpected Claims in the Client Credentials Access Token

Overview

Applies To

Cause

Solution

Related Topics