Hello! We are using the React Native SDK to handle login, logout and fetching new access tokens using the refresh token.
During login we pass a query parameter to the authentication page, which is read by the Login Action flow to add this parameter as a custom claim to the access token.
The problem comes when using the refresh token to get a new access token. We have no way to pass this custom query parameter value with the refresh token to generate the new access token with the custom claim. This means the new access tokens returned are causing invalid API calls (this claim is required).
How can we pass custom values to the refresh process so the new access token can be generated like it is during login? Thanks for the help.
Firstly, I believe that the current approach of passing a query parameter to the authentication page is not ideal for passing custom claims to grant access to your APIs. Moreover, as you observed, calling the getAccessTokenSilently() method will not be able to pass a query parameter.
Instead, I recommend that you configure RBAC (Role-Based Access Control) to grant your users specific scopes (Permissions) for your API. This way, you can specify the scopes in your getAccessTokenSilently() method so that your users can make valid API calls only if they have the correct scopes granted to them.
Thanks for the response! So my follow-up question is, how would we pass data from the client during login and token refresh using the React Native SDK or the Auth0 API? This data is unique per user and generated upon client startup.
Thanks, can I pass a key-value pair object in my scope? I may want to pass 1 or more related parameters to the authentication endpoint to add to the access token claims.