Hi @hector,
Welcome to the Auth0 Community!
Firstly, I believe that the current approach of passing a query parameter to the authentication page is not ideal for passing custom claims to grant access to your APIs. Moreover, as you observed, calling the getAccessTokenSilently()
method will not be able to pass a query parameter.
Instead, I recommend that you configure RBAC (Role-Based Access Control) to grant your users specific scopes
(Permissions) for your API. This way, you can specify the scopes in your getAccessTokenSilently()
method to allow your users can make valid API calls only if they have the correct scopes
granted to them.
See our Configure Core Authorization Features for Role-Based Access Control doc to learn more.
Please let me know if you have any questions.
Thank you.