Okta

Introduction

Auth0 lets you add arbitrary claims to tokens (token customization) during authentication and authorization by using a feature called Actions. As a result, the information required by the resource server can be passed in a single step via the token.
For example, you can add the logged-in user's profile information to the ID token as a custom claim, or add role information to the access token as a custom claim.

On this page, we introduce the settings and the resulting behavior using two examples: adding the logged-in user's profile information to the ID token, and adding role information to the access token.

Premise

The information on functions and settings described on this page is current as of January 2023.

Setting overview

The settings required for token customization using the Actions feature are as follows.

1. Create a new Action
  • Define the custom logic by editing code (written in JavaScript)
2. Incorporate the created Action into Flow
  • Specify the trigger that activates the created Action
    • Triggers are selected from those predefined by Auth0

From here, we will introduce specific setting methods and operation examples.

Configuration example A: Add user profile information to the ID token as a custom claim

0. Preparation

Add arbitrary profile information to user's [user_metadata]

1. Create a new Action
  • On the Auth0 admin screen, click Actions > Flows > Login
  • Click [Build Custom]
  • Specify the name of the Action to be created, its trigger, and the execution environment, and click [Create]
    • This time, select [Login / Post Login] in [Trigger] to incorporate the Action into the login flow
  • Write the logic to be implemented in the code editor (in JavaScript)
    • Use the api.idToken.setCustomClaim() function to set a custom claim on the ID token
  • Click [Deploy]
  • Confirm that the created Action was deployed successfully
2. Incorporate the created Action into Flow
  • On the Auth0 admin screen, click Actions > Flows > Login
  • From the Action list displayed in the [Custom] tab on the right side of the screen, drag and drop the Action created in "1. Create a new Action" onto the flow diagram on the left side of the screen
  • Click [Apply]
  • Confirm that the change was applied successfully
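
The Action code for configuration example A is not reproduced in the text, so the following is an added example, not code from the original page or from Auth0. The namespace https://example.com/claims and the user_metadata keys hobby and department are assumptions; only allow-listed string values are copied, because user_metadata is intended for user-editable profile data and should not carry anything a resource server uses for authorization decisions.

```javascript
// Added example: Post Login Action for configuration example A.
const NAMESPACE = 'https://example.com/claims'; // assumed claim namespace
const ALLOWED_FIELDS = ['hobby', 'department']; // assumed user_metadata keys
const MAX_LEN = 256; // keep the ID token small

// Pick allow-listed, non-empty string values from user_metadata; skip the rest.
function buildProfileClaims(userMetadata) {
  const claims = {};
  for (const field of ALLOWED_FIELDS) {
    const value = (userMetadata || {})[field];
    if (typeof value === 'string' && value.length > 0 && value.length <= MAX_LEN) {
      claims[`${NAMESPACE}/${field}`] = value;
    }
  }
  return claims;
}

// Post Login trigger entry point; event and api are supplied by Auth0.
const onExecutePostLogin = async (event, api) => {
  const claims = buildProfileClaims(event.user.user_metadata);
  for (const [name, value] of Object.entries(claims)) {
    api.idToken.setCustomClaim(name, value);
  }
};

// In the Auth0 code editor the handler is exported under this name.
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;
```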

Operation example A: Add user profile information to the ID token as a custom claim

1. Perform login operation on the web application screen linked with Auth0

This time, we used a sample application (SPA/JavaScript) provided by Okta.

2. Open the profile page and confirm that the added information is displayed

Configuration example B: Add user role information to the access token as a custom claim

0. Preparation

Assign roles to users

1. Create a new Action

Perform 1) and 2) in the same way as "Configuration example A: Add user profile information to the ID token as a custom claim"

  • Specify the name of the Action to be created, its trigger, and the execution environment, and click [Create]
    • This time, select [Login / Post Login] in [Trigger] to incorporate the Action into the login flow
  • Write the logic to be implemented in the code editor (in JavaScript)
    • Use the api.accessToken.setCustomClaim() function to set a custom claim on the access token
2. Incorporate the created Action into Flow

Perform ①②③ in the same way as "Configuration example A: Add user profile information to the ID token as a custom claim"

Operation example B: Add user role information to the access token as a custom claim

1. Get an access token using the Authorization Code Flow
  • Perform user authentication on the login screen provided by Auth0
  • Get an access token using the issued authorization code
2. Check the acquired access token
  • Decode the access token
  • Confirm that the role information has been added
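
The Action from configuration example B and the decode-and-confirm check from operation example B, as an added example that is not code from the original page or from Auth0. The claim name https://example.com/claims/roles, the issuer, the user ID, and the sample token are constructed assumptions; issueSampleToken is a hypothetical stand-in for the tenant so the check runs offline.

```javascript
// Added example; the claim name and sample values are assumptions.
const ROLES_CLAIM = 'https://example.com/claims/roles';

// Post Login Action: copy the roles assigned to the user into the access token.
const onExecutePostLogin = async (event, api) => {
  // event.authorization may be absent, so fall back to an empty list.
  const roles = (event.authorization && event.authorization.roles) || [];
  api.accessToken.setCustomClaim(ROLES_CLAIM, roles);
};
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Constructed stand-in for the tenant: runs the Action, returns an unsigned token.
function issueSampleToken(event) {
  const claims = { iss: 'https://tenant.example/', sub: event.user.user_id };
  const api = { accessToken: { setCustomClaim: (k, v) => { claims[k] = v; } } };
  onExecutePostLogin(event, api);
  return `${b64url({ alg: 'RS256', typ: 'JWT' })}.${b64url(claims)}.constructed`;
}

// Decode the payload for inspection only; this does not verify the signature.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a three-part compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Return the role names carried in the custom claim, or [] if it is missing.
function rolesFromAccessToken(token) {
  const roles = decodeJwtPayload(token)[ROLES_CLAIM];
  return Array.isArray(roles) ? roles.filter((r) => typeof r === 'string') : [];
}
```

A resource server must validate the token's signature, issuer and audience with a JWT library before acting on the roles claim; decoding alone only shows what the token contains.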

Summary

Auth0's Actions feature allows you to add custom claims to your tokens during the authorization process. It also comes with the version control, testing, and debugging functions needed for coding. You can try these functions even in the free Auth0 trial environment, so please experience the high degree of customization for yourself.

In addition to the custom logic introduced here, Auth0 lets you incorporate various other custom logic using the Actions feature. If you are interested in Auth0's Actions feature, please contact us.
