
After a successful login, the id_token does not contain the user_metadata

jwt
auth0
ruby
management-api
login

#1

Auth0Client Ruby Gem v4.4

Hi, I am using the Ruby Gem client and had to modify it manually for the new changes you made. After getting that done, the id_token returned at login does not contain the user_metadata. I am using the user/pass login method.

Are you going to maintain this Gem at all?
What is the correct way to get a full id_token when scripting (not a web client logging in)?

Thanks!


#2

:wave: @systems1

Since user_metadata is not one of the standard claims, it is not present in the OIDC response from Auth0, so we need to create a Rule that adds it as a custom claim. The rule would look something like this:

function (user, context, callback) {
  // Auth0 Rule: copies the user's user_metadata into the ID token as a
  // namespaced custom claim, then hands control back to the pipeline.
  //
  // The claim name is prefixed with a URL-style namespace. As noted by the
  // original author, auth0.com, webtask.io and webtask.run cannot be used as
  // the namespace identifier.
  var CLAIM_NAMESPACE = 'https://myapp.example.com/';
  var metadata = user.user_metadata;

  // Only attach the claim when an ID token is being issued and the user
  // actually has metadata to expose.
  //
  // NOTE(review): the whole user_metadata object becomes readable by whoever
  // holds the ID token, and user_metadata is meant for attributes the user
  // may edit. Consumers should not base authorization decisions on this
  // claim; consider copying only the fields the application needs.
  var shouldAttach = Boolean(context.idToken) && Boolean(metadata);
  if (shouldAttach) {
    context.idToken[CLAIM_NAMESPACE + 'user_metadata'] = metadata;
  }

  callback(null, user, context);
}

Can you give that a try, and please let us know if it does what you are looking to do.


#3

Thanks for the quick answer. I can confirm that in the context, idToken is actually empty ({}). This is my Rule:

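function (user, context, callback) {
  // Auth0 Rule with two responsibilities:
  //   1. Users who have never reset their password are sent a reset e-mail
  //      and the login is rejected.
  //   2. All other users are only let through when app_metadata grants them
  //      the required permission for the application they are logging in to;
  //      the user object is then decorated with app / client / scope data.
  //
  // `request`, `configuration` and `UnauthorizedError` are not defined in this
  // snippet; they are expected to be provided by the Rules runtime.

  var neverReset = typeof user.last_password_reset === 'undefined' ||
                   user.last_password_reset === null;

  if (neverReset) {
    // The pipeline callback must be invoked exactly once. Previously it was
    // called synchronously with UnauthorizedError right after the request was
    // started AND again from the request handler on failure, so a failed
    // reset request was reported after the rule had already completed.
    // Now the rule completes only once the request has finished.
    return request.post({
      url: "https://" + configuration.auth0_env_domain + ".eu.auth0.com/dbconnections/change_password",
      json: {
        // The context property is `clientID`; `context.ClientID` is
        // undefined, which sent the request without a client_id.
        "client_id": context.clientID,
        "email": user.email,
        "connection": context.connection
      }
    }, function (err, resp) {
      if (err) return callback(err);
      if (resp.statusCode !== 200) return callback(new Error('...'));
      return callback(new UnauthorizedError('You need to reset your password. We have sent you an email with instructions to reset it.'));
    });
  }

  // Fail closed when the application has no client metadata or the user has
  // no permissions map: missing data means "no access", not an exception.
  var clientMetadata = context.clientMetadata || {};
  var app_short_code = clientMetadata.short_code;
  var permissions = (user.app_metadata && user.app_metadata.permissions) || {};
  var appPermissions = permissions[app_short_code];

  // Access requires the permission list for this application to be a real
  // array containing the required permission; any other shape is denied.
  // The decision is taken from app_metadata rather than user_metadata.
  var userHasAccess = Array.isArray(appPermissions) &&
                      appPermissions.some(function (permission) {
                        return permission === "xxxx";
                      });

  if (!userHasAccess) {
    return callback(new UnauthorizedError("Access denied."));
  }

  // NOTE(review): the attributes below are set on `user`, not on
  // context.idToken. Presumably they only show up in the id_token when they
  // are also written as namespaced claims on context.idToken - confirm
  // against the tenant's OIDC-conformance settings.
  user.app = clientMetadata.app;

  if (user.app_metadata && user.app_metadata.clients) {
    user.cli = user.app_metadata.clients;
  }

  user.app_scope = {};
  user.app_scope[app_short_code] = appPermissions;
  // Always include permissions for panel-api
  user.app_scope["panel-api"] = permissions["panel-api"];

  callback(null, user, context);
}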


#4

How can I get the idToken populated in the context? It works perfectly from the UI, but I need to do this from a script that calls the endpoints, to obtain the token that I use for our API calls.