JSON Web Token Claims

Connect your app to Goodreads

This doc refers to the steps required to configure a Goodreads social connection in your Auth0 dashboard. If you are looking to manage authentication in your application, see Next Steps below.

To configure a Goodreads connection with Auth0, you will need to register your app on the Goodreads developers site.

Reserved claims

1. Apply for a developer key

Log into the Goodreads developer site, and select developer key:

Apply for a developer key

Custom claims

2. Enter information about your app

Complete the form then click Apply for a Developer Key. Enter your JSON Web Token (JWT)callback URL in the Callback URL field:

Find your Auth0 domain name for redirects

If your Auth0 domain name is not shown above and you are not using our custom domains feature, your domain name is your tenant name, plus For example, if your tenant name were exampleco-enterprises, your Auth0 domain name would be and your redirect URI would be

If you are using custom domains, your Refresh Tokenredirect URI will have the following format: https://<YOUR CUSTOM DOMAIN>/login/callback.

Enter information about your app

Public claims

3. Get your Consumer Key and Consumer Secret

Once the application is registered, the Key and Secret for your new app will be displayed on the following page:

Get your Consumer Key and Consumer Secret

Private claims

4. Create the Goodreads connection

You will need to use this endpoint of our Management API v2 to create a custom oauth1 connection for Goodreads.

Read our documentation on creating generic OAuth1 connections for more information on the individual fields used in the sample payload to follow. For Goodreads, this is a sample payload to create the connection:

You have to replace YOUR_API_V2_TOKEN_HERE with a Management API v2 token. For more information on how to get one see Access Tokens for the Management API.

This sample uses the following fetchUserProfile script, you can change it as you please:

Goodreads returns limited user profile data

If you have any Rules configured that rely on for example, user authentication will likely fail - the sample Rule above currently only returns,, and properties from Goodreads' API. Please add appropriate error handling to any Rules or Hooks that may rely on other user-profile data that may be missing. You may use our Real-time Webtask Logs extension to help debug these sorts of issues further.

If you do change the fetchUserProfile script, you can stringify the function easily for use in your POST /api/v2/connections payload as follows:

Read more

5. Test the connection

You can use the /authorize endpoint with custom client_id and connection parameters to test your connection. For example: