Files

.github
articles
codemods
config
fr-ca/articles
- _includes
  - _api-auth-customize-tokens.md
  - _api_auth_intro.md
  - _boxed.html
  - _callback_url.md
  - _calling_apis.md
  - _checksession_polling.md
  - _co_authenticate_errors.md
  - _compat_warning.md
  - _contact-sales.md
  - _create_resource_server.md
  - _deprecate-delegation.md
  - _deprecate-impersonation.md
  - _email-domain-blacklist.md
  - _embedded_login_warning.md
  - _enable-third-party-apps-info.md
  - _enforce-claim-namespacing.md
  - _http-method.html
  - _ip_whitelist.md
  - _java_new_app.html
  - _libraries_support_frameworks.html
  - _libraries_support_lock.html
  - _libraries_support_sdks.html
  - _linking_accounts.md
  - _lock-sdk.html
  - _lock_auth0js_deprecations_notice.md
  - _login_auth0_hosted_login_page.md
  - _logout_url.md
  - _metadata_on_signup_warning.md
  - _native_passwordless_warning.md
  - _new_api.html
  - _new_app.md
  - _new_app_no_sample.html
  - _package.html
  - _parental-consent.md
  - _pipeline2.md
  - _rbac_methods.md
  - _rbac_vs_extensions.md
  - _refresh_token_rotation_panel.md
  - _refresh_token_rotation_recommended.md
  - _samesite_none.md
  - _test-this-endpoint.md
  - _test-with-postman.md
  - _token_signature.md
  - _topic-links.md
  - _users_update_normalized_profile_attributes.md
  - _uses-delegation.md
  - _version_warning_api.md
  - _version_warning_auth0js.md
  - _version_warning_lock.md
  - _video.md
  - _web_origins.md
  - _webtask.md
- addons
- analytics
- anomaly-detection
- api-auth
- api
- appliance
- application-auth
- applications
- architecture-scenarios
- authorization
- best-practices
- branding-customization
- cms
- compliance
- configure
- connections
- connector
- cross-origin-authentication
- custom-domains
- dashboard
- deploy
- design
- dev-centers
- dev-lifecycle
- email
- errors
- extend-integrate
- extensions
- flows
- getting-started
- guides
- hooks
- hosted-pages
- i18n
- identity-labs
- integrations
- libraries
- login
- logout
- logs
- mfa
- microsites
- migrations
- monitoring
- onboarding
- policies
- pre-deployment
- private-cloud
- product-lifecycle
- protocols
- quickstart
- rules
- scopes
- security
- services
- sessions
- sso
- support
- tokens
- topics
- troubleshoot
- universal-login
- users
- videos
ja-jp
media
scripts
snippets
updates
.gitignore
.markdownlint.json
.prettierrc
CONTRIBUTING.md
LICENSE
README.md
STYLEGUIDE.md
WORDS.md
app.json
opslevel.yml
package.json
postbuild.sh
prebuild.sh
tools.js
wordy-guide.md
yarn-error.log
yarn.lock

_api-auth-customize-tokens.md

harishsundar-okta

Adding ja-jp and fr-ca folders

Jan 16, 2025

2c13b36 · Jan 16, 2025

You can use Rules to change the returned scopes of the Access Token and/or add claims to it (and the ID Token) with a script like this:

function(user, context, callback) {

  // add custom claims to Access Token and ID Token
  context.accessToken['http://foo/bar'] = 'value';
  context.idToken['http://fiz/baz'] = 'some other value';

  // change scope
  context.accessToken.scope = ['array', 'of', 'strings'];

  callback(null, user, context);
}

::: panel-warning Namespacing Custom Claims Auth0 returns profile information in a structured claim format as defined by the OpenID Connect (OIDC) specification. This means that in order to add custom claims to ID Tokens or Access Tokens, they must conform to a namespaced format to avoid possible collisions with standard OIDC claims. You can add namespaced claims using Rules. :::