When successful login, id_token has not the user_metadata

Identity OpenID Connect / OAuth2
, , , ,
#1

Auth0Client Ruby Gem v4.4

Hi, Am using the Ruby Gem Client and had to modify it manually for the new changes you made. After getting it done when logging in the returned id_token has not the user_metadata. Am using user/pass login method.

Are you going to maintain this Gem at all?
What is the correct why to get a full id_token when scripting (not a web client logging in)?

Thanks!

Easiest way to grab user_metadata with Laravel SDK
#2

:wave: @systems1

since user_metadata is not part of the standard claims and so it is not present in the OIDC response from Auth0, we need to create a Rule to add it as a custom claim. The rule would look something like this:

function (user, context, callback) {
    var namespace = 'https://myapp.example.com/'; // note that you cannot use auth0.com, webtask.io and webtask.run as a namespace identifier
    if (context.idToken && user.user_metadata) {
       context.idToken[namespace + 'user_metadata'] = user.user_metadata;
     }
   callback(null, user, context);
 }

Can you give that a try and please let us know if it does what you are looking to do

Adding user metadata in the pre-user registration hook
#3

Thanks for the quick answer. I can confirm that in context idToken is actualy empty {}. this is my Rule:

function (user, context, callback) {
    if (typeof user.last_password_reset === 'undefined' || user.last_password_reset === null) {
    request.post({
        url: "https://" + configuration.auth0_env_domain + ".eu.auth0.com/dbconnections/change_password",
        json: {
            "client_id": context.ClientID,
            "email": user.email,
            "connection": context.connection
        }
    }, function (err, resp) {
        if (err) return callback(err);
        if (resp.statusCode !== 200) return callback(new Error('...'));
    });

    return callback(new UnauthorizedError('You need to reset your password. We have sent you an email with instructions to reset it.'));
    }

var app_short_code = context.clientMetadata.short_code;
var userHasAccess = (user.app_metadata &&
                     user.app_metadata.permissions &&
                     user.app_metadata.permissions[app_short_code] &&
                     user.app_metadata.permissions[app_short_code].some(
                         function (permission) {
                             return permission === "xxxx";
                         }
                     )
                    );

if (!userHasAccess) {
    return callback(new UnauthorizedError("Access denied."));
}

user.app = context.clientMetadata.app;

if (user.app_metadata && user.app_metadata.clients) {
    user.cli = user.app_metadata.clients;
}

user.app_scope = {};
user.app_scope[app_short_code] = user.app_metadata.permissions[app_short_code];
// Always include permissions for panel-api
user.app_scope["panel-api"] = user.app_metadata.permissions["panel-api"];

callback(null, user, context);

}

#4

How can I get the idToken at context? It works perfectly from UI but I need to do this using a script against endpoints to obtain the Token that I use for our API calls.

#5

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?

#6