From 23c9762cb8ca1cd8dd083e06d818b58dc103683b Mon Sep 17 00:00:00 2001
From: Joakim Olsson
Date: Mon, 20 Oct 2025 13:29:01 +0200
Subject: [PATCH] chore: add custom claims to management token

Adds custom claims to the access and ID tokens for the management API. This modification allows the inclusion of specific claims in the tokens, improving the flexibility and security of the authentication process. The claims are added to support better access control and user identification.
---
 app.js | 40 +++++++++++++++++++++++-----------------
 1 file changed, 23 insertions(+), 17 deletions(-)

diff --git a/app.js b/app.js
index 623d514..b7ed2f3 100644
--- a/app.js
+++ b/app.js
@@ -66,24 +66,30 @@ app
 app.post('/oauth/token', async (req, res) => {
   const date = Math.floor(Date.now() / 1000)
   if (req.body.grant_type === 'client_credentials' && req.body.client_id) {
-    const accessToken = await signToken({
-      iss: jwksOrigin,
-      aud: [audience],
-      sub: 'auth0|management',
-      iat: date,
-      exp: date + 7200,
-      azp: req.body.client_id
-    })
+    const claim = {}
+    claim[adminCustomClaim] = true
+    const accessToken = await signToken(
+      addCustomClaims('management@example.org', [claim], {
+        iss: jwksOrigin,
+        aud: [audience],
+        sub: 'auth0|management',
+        iat: date,
+        exp: date + 7200,
+        azp: req.body.client_id
+      })
+    )
 
-    const idToken = await signToken({
-      iss: jwksOrigin,
-      aud: req.body.client_id,
-      sub: 'auth0|management',
-      iat: date,
-      exp: date + 7200,
-      azp: req.body.client_id,
-      name: 'Management API'
-    })
+    const idToken = await signToken(
+      addCustomClaims('management@example.org', [claim], {
+        iss: jwksOrigin,
+        aud: req.body.client_id,
+        sub: 'auth0|management',
+        iat: date,
+        exp: date + 7200,
+        azp: req.body.client_id,
+        name: 'Management API'
+      })
+    )
 
     debug('Signed token for management API')
 
-- 
2.52.0
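Review bot: The new `claim[adminCustomClaim] = true` is attached to tokens that the enclosing branch issues whenever the request carries `grant_type === 'client_credentials'` and any `client_id`; no `client_secret` check is visible in this hunk, so if this endpoint is reachable beyond a local test harness, any caller can mint an admin-flagged access token (and an ID token carrying the same claim). If this is a mock issuer, say so at the top of the branch, e.g. `// Mock issuer: no client_secret verification — the admin claim must never be issued outside local dev`; otherwise verify the secret before calling signToken. Both tokens share one `claim` object, so the idiomatic form is `const claim = { [adminCustomClaim]: true }`, and it is worth reconsidering whether an authorization flag belongs in the ID token at all, since that token is audience-bound to the client rather than to the API. The `app.post` handler body continues past the end of the hunk.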