Set ID Token Claims Using Actions
This article details how to set ID Token claims using Actions.
- ID Token
- Claims
- Actions
It is possible to populate ID Tokens and Access Tokens (AT) with custom claims using a Post Login Action.
Our Post Login Actions have access to two objects that offer different features. These objects are:
- The Event object offers access to properties related to the Authentication Request, such as client ID, connection name, transaction, etc.
- The API object provides a set of methods for performing different actions, such as adding custom claims.
To add a custom claim to an ID Token, use the following function:
```javascript
api.idToken.setCustomClaim(name, value);
```
Follow the Namespaced Claims Guidelines to ensure claims are collision-resistant. Use public, namespaced custom claims unless it is necessary for the application to do otherwise.
A complete Post Login Action that adds a custom claim to the ID Token would look like this:
```javascript
exports.onExecutePostLogin = async (event, api) => {
  // Namespace prefix keeps these custom claims collision-resistant
  const namespace = 'https://myapp.example.com';
  // Fall back to an empty object so a user without metadata does not break login
  const { favorite_color, preferred_contact } = event.user.user_metadata || {};
  if (event.authorization) {
    // Set claims
    api.idToken.setCustomClaim(`${namespace}/favorite_color`, favorite_color);
    api.idToken.setCustomClaim(`${namespace}/preferred_contact`, preferred_contact);
  }
};
```
Similarly, it is possible to add Custom Claims to an Access Token by referencing it before calling the setCustomClaim function:
```javascript
api.accessToken.setCustomClaim('my-custom-claim', 'my-value');
```
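The following is an added example, not code from the original article or from Auth0: a Post Login Action that copies only allowlisted, validated `user_metadata` values into namespaced claims on both tokens, plus a local stand-in for the `api` object so the handler can be exercised offline. The allowlist, the length bound, and the names `buildClaims`, `makeRecordingApi` and `runSample` are assumptions made for illustration.

```javascript
// Added example: allowlisted, namespaced claims (not Auth0's own code).
const NAMESPACE = 'https://myapp.example.com'; // placeholder namespace from the article
// Hypothetical allowlist: only these user_metadata keys may become claims.
const ALLOWED = ['favorite_color', 'preferred_contact'];
const MAX_LEN = 64; // assumed upper bound on a claim value

// Pure helper: map user_metadata to namespaced claims, treating it as untrusted input.
function buildClaims(userMetadata) {
  const claims = {};
  for (const key of ALLOWED) {
    const value = (userMetadata || {})[key];
    // Skip missing, non-string, empty or oversized values instead of emitting them.
    if (typeof value !== 'string' || value.length === 0 || value.length > MAX_LEN) continue;
    claims[`${NAMESPACE}/${key}`] = value;
  }
  return claims;
}

const onExecutePostLogin = async (event, api) => {
  if (!event.authorization) return; // same guard as the article's Action
  for (const [name, value] of Object.entries(buildClaims(event.user.user_metadata))) {
    api.idToken.setCustomClaim(name, value);
    api.accessToken.setCustomClaim(name, value);
  }
};
// The Action runtime reads the handler from exports; guarded so the file also runs elsewhere.
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;

// Local stand-in for the api object: records every claim that would be set.
function makeRecordingApi() {
  const idToken = {};
  const accessToken = {};
  return {
    idToken: { setCustomClaim: (n, v) => { idToken[n] = v; } },
    accessToken: { setCustomClaim: (n, v) => { accessToken[n] = v; } },
    recorded: { idToken, accessToken },
  };
}

// Constructed sample event: one valid value, one wrong type, one key outside the allowlist.
function runSample() {
  const api = makeRecordingApi();
  const user_metadata = { favorite_color: 'teal', preferred_contact: 42, role: 'admin' };
  // The handler contains no await, so its body has finished when the call returns.
  onExecutePostLogin({ authorization: {}, user: { user_metadata } }, api);
  return api.recorded;
}
```

With the constructed event, only `https://myapp.example.com/favorite_color` reaches the tokens; the numeric `preferred_contact` and the unlisted `role` key are dropped.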