---
title: "Auth0"
slug: "auth0-1"
updated: 2023-08-02T11:14:28Z
published: 2023-08-02T11:14:28Z
---

# Auth0

## Initial Setup Example

**Please note: the following steps, examples, and screenshots may differ depending on your Auth0 Management Console version and are here to illustrate the overall setup process.**

### In Auth0 Management UI:

1. Create an account.
2. Create an application (Machine to Machine).
3. Configure [IDP settings in the Tenant](/docs/configuring-an-idp-for-the-tenant).
4. Create a rule for adding the PlainID claim to the Id Token.

### Add a Rule to Inject the PlainID Claim

Create a rule to add the custom claim to the Access Token:

1. On the Auth0 Management UI menu, go to Auth Pipeline -> Rules.
2. Click on Create to create a rule.
3. Click on <> Empty Rule.
4. Give the rule a name and add the following JavaScript code:

```
function(user, context, callback) {
    // Write to context.accessToken itself so the claims reach the issued token
    context.accessToken = context.accessToken || {};
    // user_metadata is absent for users that have no metadata set
    const metadata = user.user_metadata || {};
    for (const [key, value] of Object.entries(metadata)) {
        // debug output: keys and values appear in the rule logs
        console.log(`${key}: ${value}`);
        // adding claims to the access token
        context.accessToken[`https:${key}`] = value;
    }
    return callback(null, user, context);
}
```

5. Click Save Changes.
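The rule above copies every `user_metadata` key into the token, and the sample token response on this page carries the `update:current_user_metadata` scope, so a variant that forwards only an allowlist of attributes keeps user-editable fields out of authorization claims. This is an added example, not PlainID's or Auth0's code; the attribute names `department` and `region`, the function names and the sample user are assumptions, and the `https:` prefix is the one the rule above uses.

```javascript
// Added example: allowlisted variant of the rule above.
// ALLOWED_KEYS holds hypothetical attribute names; use the ones your policies rely on.
// In the Auth0 rule editor a rule is a single function, so move these
// constants and the helper inside the function body before saving.
const ALLOWED_KEYS = new Set(["department", "region"]);
const NAMESPACE = "https:"; // prefix taken from the rule on this page

// Accept only flat values: string, number, boolean, or an array of strings.
function isSafeClaimValue(value) {
  if (["string", "number", "boolean"].includes(typeof value)) return true;
  return Array.isArray(value) && value.every((v) => typeof v === "string");
}

function injectPlainIdClaims(user, context, callback) {
  // Make sure the claims land on the object that becomes the token payload.
  context.accessToken = context.accessToken || {};
  const metadata = user.user_metadata || {}; // absent for users without metadata
  const skipped = [];

  for (const [key, value] of Object.entries(metadata)) {
    if (ALLOWED_KEYS.has(key) && isSafeClaimValue(value)) {
      context.accessToken[`${NAMESPACE}${key}`] = value;
    } else {
      skipped.push(key); // record the key name only, never the value
    }
  }
  if (skipped.length > 0) {
    console.log(`PlainID claim rule skipped keys: ${skipped.join(", ")}`);
  }
  return callback(null, user, context);
}

// Constructed sample input, run locally outside Auth0.
function runSample() {
  const user = {
    user_metadata: {
      department: "finance",
      region: ["emea"],
      role: "admin",       // not allowlisted, dropped
      profile: { a: 1 },   // nested object, dropped
    },
  };
  const context = {};
  let claims;
  injectPlainIdClaims(user, context, (err, u, ctx) => { claims = ctx.accessToken; });
  return claims;
}
```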

## Auth0 IDP token endpoint example

### Request example with password-realm grant type

```
curl --location --request POST 'https://CLIENT_AUTH0_URL/oauth/token' \
--header 'content-type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=http://auth0.com/oauth/grant-type/password-realm' \
--data-urlencode 'client_id=AUTH0_APP_CLIENT_ID' \
--data-urlencode 'client_secret=AUTH0_APP_CLIENT_SECRET' \
--data-urlencode 'audience=APP_AUDIENCE' \
--data-urlencode 'realm=DATABASE_REALM_NAME' \
--data-urlencode 'scope=openid email offline_access' \
--data-urlencode 'username=AUTH0_USER_TO_AUTHENTICATE' \
--data-urlencode 'password=AUTH0_USER_PASSWORD'
```

### Response example

```
{
    "access_token": "ey..",
    "refresh_token": "MgyG83LVPm5KEVKH1gQnd4p31IvJDhGTV-9ive6O1G6X5",
    "id_token": "ey..",
    "scope": "openid email read:current_user update:current_user_metadata delete:current_user_metadata create:current_user_metadata create:current_user_device_credentials delete:current_user_device_credentials update:current_user_identities offline_access",
    "expires_in": 3600,
    "token_type": "Bearer"
}
```
