Use array with values in accesstoken claims

I am trying to migrate our existing IdentityServer4 integration to Auth0, but am running into a few issues. One of them is the fact that we do not use namespaced claims in certain cases, which need to be converted to namespaced ones as we are using an Auth0 API in the audience. We call the token endpoint for refreshtoken/accesstoken so this audience is apparently mandatory. This breaks our migration process, but we can manage that.

A second issue I experience is the fact that we currently have an accesstoken which contains an array object, with a lot of different values. Adding this to the token is apparently not supported by Auth0. The array is first retrieved from our own API within a post login action, and then added to the token with ‘api.accessToken.setCustomClaim(claim.type, claim.value)’. But this method seems to only support adding strings, and not array types or something else. Calling it multiple times with the same claim type will overwrite the previous value.

Is there any way to add this array to the token within an Auth0 action? The workaround I’m now using is concatenating it into a single string and then parsing it at the application level. But that involves changing all consuming applications.

Regarding the array claim, it looks like this in the current accesstoken:
"http://schemas.microsoft.com/ws/2008/06/identity/claims/role": [
  "Value1",
  "Value2",
  "Value3"
]

Hey there @A-F.van.Hezewijk! Welcome to Auth0 by Okta Community!

I just tried to add array-type data to the access token preceded with a custom claim via actions.

Please take a look at a Login flow actions’ code snippet along with its comments:

exports.onExecutePostLogin = async (event, api) => {
  const namespace = 'https://myapp.example.com';

  // Set claims
  // The first one is an array-type user_metadata object passed as a custom claim:
  api.accessToken.setCustomClaim(`${namespace}/array_form_usermetadata`, event.user.user_metadata.array_metadata);
  // The second one is array-type data passed directly as a custom claim:
  api.accessToken.setCustomClaim(`${namespace}/array_directly`, ['data1', 'data2', 'data3']);
};

After decoding with jwt.io we get:

Hope this helps!

Thanks for the reply, it shows that it indeed can be handled as an array.
However, we are using ASP.Net OWIN as our backend and that apparently needs the claims array to be in the following format:
api.accessToken.setCustomClaim(claim.type, [
  "Value1",
  "Value2",
  "Value3"
]);

Otherwise it will not parse this as a list, and I still need some custom coding to get this to work. But that is something we can do.

In our case this is the array of roles the user is assigned, which is used for Authorization in the accesstoken.

Thanks for sharing and it’s good you have a working solution.

Auth0 will deliver an access token which, once decoded, consists of a JSON object with claims in a format like {"claim name": [value1, value2, value3]}.
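
The overwrite problem from the first post and the array form shown in the replies, combined in an added example that is not part of the original thread and is not Auth0's own code: it groups a flat list of { type, value } claims so that setCustomClaim is called once per claim type with an array. The helper names, the sample claims and the rule for prefixing claim types that are not already URLs are assumptions.

```javascript
// Placeholder namespace, same value as in the reply above.
const NAMESPACE = 'https://myapp.example.com';

// Hypothetical helper: prefix claim types that are not already absolute URLs.
function namespaced(type) {
  return /^https?:\/\//i.test(type) ? type : `${NAMESPACE}/${type}`;
}

// Hypothetical helper: collapse repeated claim types into one de-duplicated set.
function groupClaims(claims) {
  const grouped = new Map();
  for (const claim of Array.isArray(claims) ? claims : []) {
    // Drop malformed entries instead of writing them into a token used for authorization.
    if (!claim || typeof claim.type !== 'string' || typeof claim.value !== 'string') continue;
    const value = claim.value.trim();
    if (claim.type === '' || value === '') continue;
    const key = namespaced(claim.type);
    if (!grouped.has(key)) grouped.set(key, new Set());
    grouped.get(key).add(value);
  }
  return grouped;
}

// One setCustomClaim call per claim type, always with an array value,
// so a later call never overwrites an earlier value of the same type.
function applyClaims(api, claims) {
  for (const [type, values] of groupClaims(claims)) {
    api.accessToken.setCustomClaim(type, [...values]);
  }
}

// Constructed sample standing in for the response of the poster's own API.
const SAMPLE_CLAIMS = [
  { type: 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role', value: 'Value1' },
  { type: 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role', value: 'Value2' },
  { type: 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role', value: 'Value2' },
  { type: 'department', value: 'Finance' },
  { type: 'department', value: 42 }, // malformed: value is not a string, so it is dropped
];

// Post-login handler; the call to the poster's API is replaced by the sample above.
const onExecutePostLogin = async (event, api) => {
  applyClaims(api, SAMPLE_CLAIMS);
};
// Inside an Auth0 Action the handler is exported under this name.
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;
```
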
