Auth0 custom claims. Code is below, and it works awesome.

But because Auth0 is inflexible with the namespace prefix for the custom

May 25, 2021 · What is the maximum size limit for adding a custom claim to an idToken? I’m debating whether I should use roles and permissions via the custom claims and IdToken. Or just use the management API via an express app. On two tenants, with identical app configurations, API configurations, rules and connections, one app obtains all custom claims, properly namespaced, and the other doesn’t. Create a Login Action to add the user metadata as a customer claim. In Auth0’s case, it puts a user’s permissions within a “permissions” claim and in Okta’s case, they put them within a “groups” claim of the access token. I could find documentation and example Configure Proof Key for Code Exchange (PKCE) and mapping templates for OpenID Connect and Okta Workforce connections. Our claims are accessible via a sql query, and I would like to embed a user’s claims into their ClaimsPrincipal immediately after authentication.

Mar 15, 2020 · Since app_metadata and user_metadata isn’t a standard OIDC claim, it needs to go into a custom claim, which is always returned with the whole namespace / namespace URL. You can use the data from the ID token to personalize the user interface of your React application.

Apr 21, 2023 · However, when it comes to defining the claims, or adding claims to the identity, all the article offers is: When an identity is created it may be assigned one or more claims issued by a trusted party. They are part of the Auth0 Authentication Pipeline. I have a rule in Auth0 to insert the username of the user as a custom claim in the token. Hello, I’m working on an integration with Auth0 and have a requirement to add a custom claim to a user’s JWT when they hit a certain condition in the flow of our app.

Feb 10, 2018 · I see that you’re using an auth0.

Apr 26, 2022 · Have you ever heard of Auth0 Actions? Let's use one of its flows to add custom claims into an ID Token.
authorize () using the rect-native-auth0 SDK as I have included some custom claims via a Login Action Flow (external user ID and token for 3rd party API). Here’s what I’ve done so far:

Sep 1, 2019 · However, both Auth0 and Okta put a user’s permissions within a custom claim. For an example showing how to add custom claims to a token, see Sample Use Cases: Scopes and Claims. NET without a custom Auth0 rule, the return value would be null. ID tokens issued by Auth0 are JWTs and you can add custom claims to the JWTs using Actions. com

Oct 30, 2025 · Using Auth0’s post-login action allows you to inject custom claims into the user’s id token before it is issued to the application, reducing the number of API calls needed to retrieve additional data. I guess we have to decide one “generic” namespace in the case where there are multiple web apps hosted in different domains. webAuth. Go to Auth0 > Auth Pipeline > Rules and create a new rule. Auth0 as identity provider Customize SAML assertions when Auth0 acts as the identity provider by configuring the addon in the Dashboard or by using rules. I know I’ll be limited via the rate limit for the management API and I don’t expect to hit that rate limit consistently. Describes Auth0 user, application, and client metadata.

Nov 2, 2018 · Thanks! I added the custom claim to my access token and am able to access the custom claims for the token in my API. I logged in and verified that this is correctly happening. I want to avoid exposing my backend while developing locally. This custom claim will contain metadata that is then used by our app for authorization purposes. To learn more

Oct 16, 2023 · Learn how to use Hooks to change scopes and add custom claims in the access token obtained using the Client Credentials Flow. ” Claims returned from the Azure AD enterprise connection are static; custom or optional claims will not appear in user profiles.
If removing the form action restores claims, consider handling claims separately from the form rendering process. I want to be able to add a custom claim that identifies a customer. I see how to do this in the web portal. However this will be very cumbersome if we have to add custom claims to potentially hundreds of m2m applications. You can also create custom claims, which are claims that you define, control, and add to a token using Auth0 Actions. Is there a way to do this using the management api so this can be automated? I have searched through the documentation and community

Jul 31, 2017 · I’m trying to add a custom claim to my Auth0 API but I am struggling to understand the documentation on this. Only one user will be an admin and I’ll be using policy based authorization for all other functionality. Then add it to the access token in a post-login action. See full list on auth0. authorization. Let me explain what I would like to do: I want to add a simple integer claim called DatabaseId. To avoid too much re-work we were hoping to keep the same id_token format and just update the authorize and token endpoints to now point to Auth0. These are Auth0’s own rules (not XML namespace rules, even if that was the inspiration), so your documentation needs to explicitly define the rules it’s using. We’re using it with auth0-angular, which automatically attempts refreshes the access token when necessary. So that Auth0 inserts more than just the 10 standard claims into a token, a rule is needed. Is it possible to realize such thing with the After a user successfully logs in, Auth0 sends an ID token to your React application.

Jun 4, 2021 · Hello, I try to use oauth0 as test authentication server. However, since the claim I need is unique to each user and generated by my application, I would have to expose my local machine to the internet to allow Auth0 Actions to retrieve this user ID.
However, if you want to capture information about a user and there currently isn’t a standard . As long as the Action is in place, the custom claims it adds will appear in new tokens issued when using a refresh token. Learn how you can use metadata to store information that does not originate from an identity provider. Custom claims You can define your own custom claims which you control and you can add them to a token using Actions. onExecutePostLogin = async (event, api) => { // This adds the authenticated user's email address to the access token. I managed to get jwt token from it jwt Is it possible to add custom set of claims to it? I searched for several hours for it, no luck. Is

Jun 15, 2023 · Hi, Using the machine to machine flow.

Jun 8, 2019 · Therefore, if we tried to access the ClaimTypes. These claims are returned in an ID Token and are also available through the /userinfo endpoint. In case of collisions, the transaction won't fail, but your custom claim won't be added to your tokens.

Oct 2, 2024 · I’ve also read Auth0’s documentation, which suggests using Actions to add custom claims. As stated in the documentation: auth0. The OpenID Connect specification defines a set of standard claims. if (even… Add custom information stored in an Auth0 user profile to an ID token. I have a SPA application that uses the implicit grant flow to get a token for the user.

Nov 7, 2017 · I’m new to Auth0 so I apologize in advance if the question is too basic.

Apr 8, 2022 · I am using a rule to add custom claims to tokens obtained using the resource owner password flow. 1 Roles When adding the user’s Roles to the token, call the event.

Nov 11, 2024 · The reason you are not seeing the custom claim is that it looks like you created an Auth0 action in the Post Login trigger, but you are requesting the token using Client Credential flow.
Jul 10, 2020 · I urge you to get the Custom Claims documentation updated to explicitly name the two possible strings that a namespace must start with. In custom actions I am attempting to get these values in order to: Add StoreID/location_id to the access token as a claim Set

Jul 30, 2018 · Hello there, I’m actually developing a small Ionic-app, which uses Auth0 for its authorization. exports. com domain as the namespace for your custom claims. I’m mapping customer attributes on the provider, StoreID and Role, to location_id and idp_provided_role on the user profile. onExecutePostLogin = async (event, api You can use Auth0 Rules with the Authorization Extension to do things like: Add custom claims to the issued token. You mentioned that the sub claim should exist in the access token but when I list all the claims out, I don’t see it.

Aug 25, 2023 · Solution “Auth0 will restrict the creation of private, non-namespaced custom claims on access tokens in which the audience is an Auth0 API. , without calling auth0 actions/authorization server. For this implementation, I will be using the React Sample Application. . io and webtask. Appreciate any inputs to solve this problem. Learn how tokens work with Auth0's Organizations feature and how to authenticate users belonging to an organization. The set of standard claims include name, email, gender, birth date, and so on. OpenID and JWTs JWTs contain claims, which are statements (such as name or email address) about an entity (typically, the user) and additional metadata. Name claim in . Standard claims Standard claims are intended to provide an application with user details, such as name, email, and picture, and are pre-defined for the OIDC protocol. Auth0 is a flexible solution for

Sep 10, 2019 · I was trying to add user email to access token, but when I log in using getTokenSilently from auth0-spa-js I don’t get any custom claim.

May 9, 2025 · Hello!
The form action might be interfering with custom claims and metadata in your post-login flow. I added it using auth0 rules system that I know works for me Note: This video was originally uploaded on January 25th, 2022. Auth0 allows namespaced and non-namespaced claims, but certain restrictions apply (see General restrictions).

Jan 22, 2024 · Customizing Auth0 with Actions: A Real-World Use Case In this article, we’ll explore how to extend Auth0’s default behavior using custom actions. I’m currently using this Login Flow to attach roles to the Auth0 id tokens which works for when we create users in the Auth0 admin console, but I don’t want to do this for our Okta users which already have role information in their user

Mar 17, 2020 · But my access token has only the default claims. 1. Code is below, and it works awesome. I also tested the rule manually and everything is good. For instance, it includes this example of providing a sf_community_id field: "attribute_map": { . My custom claim is not added. I see the custom claim that I added, iss, aud, iat Example Previously, Auth0 allowed only namespaced claims on access and ID tokens. When the login workflow is called from the application, I can see my console log about adding the claims to the context object from the rule in the logger extension. e. Auth0 Rules Auth0 Rules are hooks that take effect as soon as an event occurs. Following the tutorial, I was able to get a token from /oauth/token but I need to add custom claims to the JWT before it gets signed.

Sep 10, 2025 · Access Token Claims Actions Solution It is possible to populate Access Tokens (AT) or ID Tokens with custom claims using a Post Login Action.

Jul 13, 2024 · Is it possible to create a custom claim included in the access token for all users who have a specific role assigned? I.

Aug 14, 2025 · Hi @jasonminor Welcome to the Auth0 Community!
I am sorry about the delayed response to your inquiry! In the meantime, could you try the following code and let me know if it fixes the issue? import { Auth0Client } from "@auth0/nextjs-auth0/server"; export const auth0 = new Auth0Client({ async beforeSessionSaved(session, idToken) { return session; } }); As far as I know, you have to configure

Jun 5, 2023 · Is it possible to add custom claims to an auth0 access token programmatically (I am using Quarkus), i. com, webtask. To get started, firstly you would need to create a PostLogin Trigger via the Auth0 Dashboard. Sometime in the last few days my API has started complaining the users aren’t authorised.

Mar 1, 2024 · We have a post-login action to add custom claims to access tokens depending on the requested scopes - this works fine.

Jun 15, 2022 · To do so, you must use a Post-Login Action script. With the migration to custom claims, non-namespaced claims can be used on access tokens , ID tokens, and the /userinfo endpoint of Auth0’s Authentication API. roles property and add it as a custom claim to the Token. Here are some examples: Add a user’s email address to an access token and use that to uniquely identify the user. Add custom information stored in an Auth0 user profile to an ID token . Add the user’s groups, roles, and permissions to the outgoing token (which can be requested via the openid groups permissions

Nov 1, 2019 · We were investigating moving from another IDP providers to Auth0 where that IDP allowed us to roll our own id_token with values such as “roles” and other custom claims. I need a bit of assistance… I am trying to decode the idToken returned from auth0.
May 16, 2023 · Hello, I’ve set up an enterprise connection where Auth0 is the service provider.

Jun 14, 2024 · To add the email to the JWT claims, you can use one of the existing rule template available in Auth0. When the Jwt token is generated I would like to include some custom user claims that only exist in my user database. In this situation, the audience parameter was never passed in the login request

May 30, 2017 · In short I’m wondering how I can insert a custom claim into an access token when using the client credentials grant. I created a hook to do that but I can’t figure out how to pass additional data in the payload

Jan 7, 2019 · This is where custom claims come into action, via the help of an Action, you will be able to pass extra information to the token in order to customize and improve your application. If you need to include custom or optional claims in user profiles, use a SAML or OIDC connection instead. , I’d not like to define the content of the claim for individual users who have that role (because the claim content is identical for all these users), but for the role.

Mar 9, 2023 · JWT. I’m trying to setup a service-to-service authentication using client-credentials-grant. This article provides steps to add custom claims to an Access Token, ID Token, or both, using Actions. When the user logs in on the front end using the stock Auth0 login screen, the front end will redirect him to a screen where he can choose which database he wants to log into (a user can

Jul 13, 2020 · The possibility of sending any extra property to the payload allows to send any custom data to the Auth0 actions where we can do our own validations and add the custom claims when needed.

Apr 15, 2020 · I have a collection of SPA sites that pass the JWT to the ASP Web API backend, which verifies the token is valid and extracts some custom claims I’m inserting (using a rule) for permissions. Determine the user’s group membership, roles, and permissions.
Jan 25, 2025 · I’m trying to set custom claims in the JWT idToken and accessToken using a Post Login Action in Auth0.

Jun 10, 2024 · I’m having issues setting a custom claim on the accessToken in the Flow > Login script. However, instead of receiving this (which I expected): This is just how it’s stored on Auth0 user store end, but not as it’s returned in the ID token. Long story short it looks like the access token no longer contains the custom claims. I’m using the auth0 SPA JS SDK GitHub - auth0/auth0-spa-js: Auth0 authentication for Single Page Applications (SPA) with PKCE Here …

Sep 10, 2025 · This article explains how to call an external API to retrieve a response and set the API response as a custom claim in the Access/ID Token for an application. kstrongholte January 15, 2021, 9:59pm 9

Apr 27, 2023 · I recently created an app that has two methods of logging in: one is Auth0’s passwordless mechanism and the other is using our company’s Okta instance. In case of collisions, the transaction won’t fail, but your custom claim won’t be added to your tokens. Is it possible to call a Flow script from a custom trigger, possibly by using the client SDK? The custom claim metadata will not

Aug 30, 2024 · I found this namespaced guidelines. After looking closely at the code snippet you shared, I noticed that you are calling the /userinfo endpoint with the token you obtained from the login flow. To learn how to add a custom claim in the OIDC-conformant pipeline, read Create Namespaced Custom Claims. To avoid name collisions, we recommend using namespaced claims. Need to add custom claims to your user's Auth0 ID tokens and don't know how? You came to the

Oct 11, 2023 · The auth0 docs for OIDC attribute mapping provide numerous examples of providing custom claims.
The API is validating the Custom claims With the OIDC-conformant pipeline, custom claims may still be added to ID tokens or access tokens, but they must conform to a namespaced format to avoid possible collisions with standard OIDC claims.

Mar 10, 2023 · Hi @alexandra1, Welcome to the Auth0 Community! I understand that you have added custom claims to an access token but were not able to see them in the token. Try setting claims after the form action, ensuring the correct token scope and audience, and verifying namespace formatting. ATM I have included the suggested library (auth0-cordova), which is available here: GitHub - auth0/auth0-cordova: Auth0 integration for Cordova apps I’ve managed to the get it working via the official documentation and the corresponding samples: Authorization via Auth0Cordova(CONFIG

Jan 1, 2023 · Hi I am trying to add a custom claim to my access tokens using a custom action: exports. function (user, context, callback) { var namespace = 'https

Jun 2, 2018 · I’m thinking of using Auth0 for my API and web application and have a query . run are Auth0 domains and therefore cannot be used as a namespace identifier. “attributes”: { … “sf_community_id”: “3423409219032-32” } } However, I believe I’m observing that the claim mapping only supports the non-restricted claims list for the mapping, as

Mar 15, 2021 · Rules are Javascript functions that run after authentication which allow you to customize certain things such as adding custom claims to the Access Token/ID Token. Store the user’s groups, roles, and permissions info as part of the app_metadata.