Unable to retrieve claims on an Access Token #458

Open
bmeredith opened this issue Aug 29, 2020 · 3 comments

bmeredith commented Aug 29, 2020

Hello!

I originally added a custom claim (e.g. mycustomclaim) to Id Token and was able to see and retrieve the custom claim after logging in using authClient.token.parseFromUrl or using the TokenManager, which works great.

I then needed to add a custom claim to the Access Token. Unfortunately there doesn't seem to be a way to retrieve that custom claim since the claims object that exists on idToken does not seem to exist for accessToken, which can be seen below.

Is there a recommended way to be able to read that custom claim?

```json
{
  "tokens": {
    "accessToken": {
      "value": "xxx",
      "accessToken": "xxx",
      "expiresAt": 1598648501,
      "tokenType": "Bearer",
      "scopes": [
        "openid",
        "email",
        "profile"
      ],
      "authorizeUrl": "https://example.com/oauth2/default/v1/authorize",
      "userinfoUrl": "https://example.com/oauth2/default/v1/userinfo"
    },
    "idToken": {
      "value": "xxx",
      "idToken": "xxx",
      "claims": {
        "sub": "00uvvjmcNvmk3gK711d5",
        "name": "My Name",
        "email": "myname@example",
        "ver": 1,
        "iss": "https://example.com/oauth2/default",
        "aud": "xxx",
        "iat": 1598648201,
        "exp": 1598651801,
        "jti": "xxx",
        "amr": [
          "pwd"
        ],
        "idp": "xxx",
        "nonce": "xxx",
        "preferred_username": "myname@example.com",
        "auth_time": 1598648196,
        "at_hash": "xxx",
        "mycustomclaim": "boom"
      },
      "expiresAt": 1598651801,
      "scopes": [
        "openid",
        "email",
        "profile"
      ],
      "authorizeUrl": "https://example.com/oauth2/default/v1/authorize",
      "issuer": "https://example.com/oauth2/default",
      "clientId": "xxx"
    }
  },
  "state": "xxx",
  "code": "xxx"
}
```

shuowu commented Aug 31, 2020

@bmeredith Thanks for reporting the issue!
Internal Ref: OKTA-326437

@denysoblohin-okta

The requested feature will be available in 4.3.0

@bmeredith

Looking forward to it, thank you!
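
An added example, not part of the thread and not the SDK's own code: reading a custom claim such as `mycustomclaim` from the raw string in `tokens.accessToken.value`, assuming the authorization server issues the access token as a JWT. The function names and the sample token are hypothetical; the decode is unverified, so the result is suitable for display only, and authorization decisions stay with the resource server that validates the signature.

```javascript
// Decode one base64url segment of a JWT into a UTF-8 string.
function base64UrlDecode(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64.padEnd(Math.ceil(b64.length / 4) * 4, '=');
  const binary = atob(padded); // throws on characters outside the alphabet
  const bytes = Uint8Array.from(binary, (c) => c.charCodeAt(0));
  return new TextDecoder('utf-8', { fatal: true }).decode(bytes);
}

// Returns the payload object, or null when the value is not a decodable JWT
// (for example an opaque access token). No signature check is performed.
function decodeJwtClaims(token) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  try {
    const claims = JSON.parse(base64UrlDecode(parts[1]));
    const isObject = claims !== null && typeof claims === 'object' && !Array.isArray(claims);
    return isObject ? claims : null;
  } catch (e) {
    return null; // bad base64url, invalid UTF-8 or invalid JSON
  }
}

// `tokens` has the shape shown in the issue: accessToken.value is the raw string.
function accessTokenClaims(tokens) {
  const raw = tokens && tokens.accessToken && tokens.accessToken.value;
  return decodeJwtClaims(raw);
}

// Constructed sample token (built with Node's Buffer); the signature is a dummy.
function makeSampleToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o), 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256' })}.${enc(payload)}.c2lnbmF0dXJl`;
}

const sampleTokens = {
  accessToken: {
    value: makeSampleToken({ sub: 'user', mycustomclaim: 'böom', exp: 1598648501 }),
  },
};
console.log(accessTokenClaims(sampleTokens));
```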
