Initial Setup Example
Please note - the following steps, examples, and screenshots might differ according to your Auth0 Management Console version, and are here to illustrate the overall setup process.
In Auth0 Management UI:
- Create an account.
- Create an application (Machine to Machine).
- Configure IDP settings in the Tenant.
- Create a rule for adding the PlainID claim to the Id Token.
Add a Rule to Inject the PlainID Claim
Create a rule to add the custom claim to the Access Token:
- On the Auth0 Management UI menu, go to Auth Pipeline -> Rules.
- Click on Create to create a rule.
- Click on <> Empty Rule.
- Give the rule a name and add the following JavaScript code:
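function (user, context, callback) {
  // Attach the claims object to the context so the added claims reach the token
  context.accessToken = context.accessToken || {};
  const accessTokenClaims = context.accessToken;
  // user_metadata is undefined for users with no metadata set
  for (const [key, value] of Object.entries(user.user_metadata || {})) {
    // Debug output: writes each metadata key and value to the rule log
    console.log(`${key}: ${value}`);
    // adding claims to the access token
    accessTokenClaims[`https:${key}`] = value;
  }
  return callback(null, user, context);
}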
- Click Save Changes.
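The rule above copies every `user_metadata` key into the access token; the added example below (not PlainID's or Auth0's code) is a narrower variant that copies only an allowlist of keys with expected value types, plus a small local harness to run it outside Auth0. The names `addPlainIdClaims`, `runRule`, `ALLOWED_KEYS` and the sample metadata are assumptions made for illustration.

```javascript
// Added example: allowlisted variant of the rule above, with a local harness.
// ALLOWED_KEYS and the sample metadata are assumptions, not PlainID or Auth0 values.
const ALLOWED_KEYS = ['department', 'region'];

function addPlainIdClaims(user, context, callback) {
  // Attach the claims object to the context so additions reach the token.
  context.accessToken = context.accessToken || {};
  const metadata = user.user_metadata || {}; // absent when no metadata is set

  for (const key of ALLOWED_KEYS) {
    if (!Object.prototype.hasOwnProperty.call(metadata, key)) continue;
    const value = metadata[key];
    // Accept only strings or arrays of strings; skip nested objects.
    const ok = typeof value === 'string' ||
      (Array.isArray(value) && value.every((v) => typeof v === 'string'));
    if (!ok) continue;
    // Same claim naming as the page's rule: "https:" + key.
    context.accessToken[`https:${key}`] = value;
  }
  return callback(null, user, context);
}

// Local harness: invokes the rule with constructed input and captures the result.
function runRule(user, context) {
  let result;
  addPlainIdClaims(user, context, (err, u, ctx) => { result = { err, ctx }; });
  return result;
}

// Constructed sample user: one allowed key, one unexpected key, one bad type.
const sampleUser = {
  user_metadata: { department: 'finance', isAdmin: 'true', region: { nested: 1 } },
};
const sample = runRule(sampleUser, {});
console.log(sample.ctx.accessToken); // only the allowlisted, well-typed claim
```

Unlike the page's rule, this variant does not log metadata values, so they stay out of the rule logs.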
Auth0 IDP token endpoint example
Request example with password-realm grant type
curl --location --request POST 'https://CLIENT_AUTH0_URL/oauth/token' \
--header 'content-type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=http://auth0.com/oauth/grant-type/password-realm' \
--data-urlencode 'client_id=AUTH0_APP_CLIENT_ID' \
--data-urlencode 'client_secret=AUTH0_APP_CLIENT_SECRET' \
--data-urlencode 'audience=APP_AUDIENCE' \
--data-urlencode 'realm=DATABASE_REALM_NAME' \
--data-urlencode 'scope=openid email offline_access' \
--data-urlencode 'username=AUTH0_USER_TO_AUTHENTICATE' \
--data-urlencode 'password=AUTH0_USER_PASSWORD'
Response example
{
"access_token": "ey..",
"refresh_token": "MgyG83LVPm5KEVKH1gQnd4p31IvJDhGTV-9ive6O1G6X5",
"id_token": "ey..",
"scope": "openid email read:current_user update:current_user_metadata delete:current_user_metadata create:current_user_metadata create:current_user_device_credentials delete:current_user_device_credentials update:current_user_identities offline_access",
"expires_in": 3600,
"token_type": "Bearer"
}