Auth0 Home Blog Docs

WebAuth with CustomClaim


Following the documentation here:

I have ensured the custom rule is created and enabled in order to return the user_metadata / app_metadata via scopes using Auth0 WebAuth call


var webAuth = new auth0.WebAuth({
domain: ‘[Domain]’,
clientID: ‘[Client]’,
responseType: ‘token id_token’,
audience: ‘[domain]/userinfo’,
scope: ‘openid profile email app_metadata user_metadata’,
redirectUri: “

function handleAuthentication() {
webAuth.parseHash(function(err, authResult) {
if (authResult && authResult.accessToken && authResult.idToken) {
window.location.hash = ‘’;
} else if (err) {

function setSession(authResult) {
// Set the time that the Access Token will expire at
var expiresAt = JSON.stringify(
authResult.expiresIn * 1000 + new Date().getTime()
localStorage.setItem(‘access_token’, authResult.accessToken);
localStorage.setItem(‘id_token’, authResult.idToken);
localStorage.setItem(‘expires_at’, expiresAt);

webAuth.client.userInfo(localStorage.getItem(‘access_token’), (err, profile) => {
if (profile) {
localStorage.setItem(‘profile’, JSON.stringify(profile));

Checking authResult and the profile neither return the custom claim.


Apologies. I hit save a little premature

In that the scope returned only inludes the default entries: openid profile email and not app_metadata or profile_metadata.

I have also checked: Application > [NAME] > Advanced > OAuth > OIDC Conformant This setting is switched off.

Still no luck.

The Auth0 version I am using: