Sample Use Cases

Customize Tokens

You can use Rules to change the returned scopes of Access Tokens and/or add claims to Access and ID Tokens. To do so, add the following rule, which will run after the user authenticates:

function(user, context, callback) {

  // add custom claims to Access Token and ID Token
  context.accessToken['http://foo/bar'] = 'value';
  context.idToken['http://fiz/baz'] = 'some other value';

  // change scope
  context.accessToken.scope = ['array', 'of', 'strings'];

  callback(null, user, context);

Namespacing Custom Claims

Auth0 returns profile information in a structured claim format as defined by the OIDC specification. This means that custom claims added to ID Tokens or Access Tokens must conform to a namespaced format to avoid possible collisions with standard OIDC claims. For example, if you choose the namespace and you want to add a custom claim named myclaim, you would name the claim, instead of myclaim.

View Sample Application: Mobile App + API

For an sample implementation, see the Mobile + API architecture scenario. This series of tutorials is accompanied by a code sample that you can access in GitHub.