Is it possible to add custom claims to an auth0 access token programmatically (I am using Quarkus), i.e., without calling auth0 actions/auth... server

Question

Is it possible to add custom claims to an auth0 access token programmatically (I am using Quarkus), i.e., without calling auth0 actions/authorization server.

I could find documentation and example to add custom claim using Auth0 Actions and custom authorization server at the time of token generation but my use case is that I want to add custom claims to the token from my code after I receive the token for Auth0. Is this possible? Does Auth0 allows this? If possible could you please point me to the documentation or an example?

If you add custom claims to the token after you receive it, it will no longer be valid. That's because Auth0 signs the token, and your custom logic will change it, so it's no longer valid. — Matt Raible, Jun 05 '23 at 19:30
Access tokens are issued and signed by the authorization server only (Auth0 in your case). Applications (clients, resource servers) only need to trust the authorization server and can be certain that the access token hasn't been modified by another party. If this doesn't fit your needs, standards like OAuth and systems like Auth0 might be the wrong approach for you. But then again: OAuth is tested and tried and has served so many different applications. There is likely a good solution for you if you ask differently. — Codo, Jun 05 '23 at 20:21

Is it possible to add custom claims to an auth0 access token programmatically (I am using Quarkus), i.e., without calling auth0 actions/auth... server

0 Answers0