Why are some claims visible at the Auth0 user profile and not in the id_token jtw payload?

Help
,
1

Hi there.

Why are some claims visible at the Auth0 user profile and not in the id_token jtw payload? I’m specifically missing the sid claim needed for Front Channel Logout, which is visible at the users prorfile at Auth0 after logging in with the OIDC, but it’s not visible in the decoded jwt payload.

For completeness: I’m building the app of off Laravel with the socialite Auth0 provider (GitHub - SocialiteProviders/Auth0: [READ ONLY] Subtree split of the SocialiteProviders/Auth0 Provider (see SocialiteProviders/Providers)).

Any help is appreciated

2

Just tried the Auth0 Laravel example app (GitHub - auth0-samples/auth0-laravel-php-web-app: Auth0 Integration Samples for Laravel Web Applications), and the decoded token_id payload doesn’t contain a sid (session id) claim eventhough the Auth0 user profile does:

Screenshot 2021-11-27 at 09.55.20
Screenshot 2021-11-27 at 09.55.201220×328 19.4 KB

Is Auth0 somehow masking the client_id claims?

1 Like
3

Solved it by adding the following rule to Auth0:


function addSidToIdToken(user, context, callback) {
  // This rule adds the authenticated user's session id (sid) to the id token.

  const namespace = 'https://example.com/';
  
  context.idToken[namespace + 'sid'] = user.sid;
  
  callback(null, user, context);
}
1 Like
4

Wooohooo! Glad you figured it out and thanks for sharing with the rest of community!