It seems that only the legacy (non-OIDC-conformant) flow is supported for Auth0, based on this documentation.
Unfortunately, for a few years now, tenants created by new Auth0 customers haven't been allowed to insert custom claims as explained in the sample rule from the shared link.
```
// Example Auth0 rule
function (user, context, callback) {
  user.app_metadata = user.app_metadata || {};
  user.role = user.app_metadata.role; // This won't work.
  callback(null, user, context);
}
```

### Improvement idea

Is there a possibility to accept [namespaced claims](https://auth0.com/docs/tokens/create-namespaced-custom-claims)? It could even be a fixed claim for PostgREST, like in the following sample.

```
function (user, context, callback) {
  // it could be a fixed value for postgrest and may be documented
  const namespace = 'https://postgrest.org';
  user.app_metadata = user.app_metadata || {};
  // start from any claims already set on the access token
  const accessTokenClaims = context.accessToken || {};
  accessTokenClaims[`${namespace}/role`] = user.app_metadata.role;
  context.accessToken = accessTokenClaims;
  callback(null, user, context);
}
```
With this option available, Auth0 customers may use the OIDC-conformant APIs feature to issue JWT tokens with HS256. It will also open up the possibility for Auth0 customers to use the built-in Auth0 RBAC, which helps to manage user roles.
Here is one sample rule from the Auth0 docs to insert user roles into tokens as custom claims with the core authorization feature.
The docs you have linked are from v4.1, so quite old, but the latest docs seem to be quite similar on that page at first glance. Not sure whether they might need an update in this place?
If I understood the problem correctly, you are looking for the role-claim-key config option:
http://postgrest.org/en/v7.0.0/configuration.html#role-claim-key
Great! Thank you. I think the role-claim-key would work!
If the parameter helps, I think the documentation for Auth0 needs to be updated. I can send a PR to that doc once we test it.
We may close this issue if you prefer. Thank you again for your help.
> If the parameter helps, I think the documentation for Auth0 needs to be updated. I can send a PR to that doc once we test it.
I'm sure @steve-chavez would appreciate that!
@steve-chavez @wolfgangwalther I wrote the updates as promised here. With OIDC it works perfectly. I think you may also update the previous versions as long as role-claim-key is available. I think it may be available at least starting from version 6.
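How a namespaced role claim pairs with a `role-claim-key` path, as an added example that is not part of the thread and not PostgREST's own code: it verifies an HS256 token, then resolves the role with a simplified path resolver. The claim name `https://postgrest.org/role` is the one proposed in the issue; the secret, the token, the role names `webuser` and `anon`, and all function names are constructed for illustration.

```javascript
// Added illustration: a simplified model, not PostgREST source code.
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Sign claims as an HS256 JWT (stands in for the token Auth0 issues).
function signHS256(claims, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(sig)}`;
}

// Check the algorithm and signature before trusting any claim.
function verifyHS256(token, secret) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  const header = JSON.parse(Buffer.from(head, 'base64url').toString());
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  return JSON.parse(Buffer.from(body, 'base64url').toString());
}

// Simplified resolver for paths such as ."https://postgrest.org/role" or .roles[0].value
function resolveClaim(claims, path) {
  const steps = [...path.matchAll(/\."([^"]+)"|\.([A-Za-z_][\w-]*)|\[(\d+)\]/g)];
  if (steps.map((m) => m[0]).join('') !== path) throw new Error('unsupported path');
  return steps.reduce((node, m) => {
    if (node === null || typeof node !== 'object') return undefined;
    return m[3] !== undefined ? node[Number(m[3])] : node[m[1] ?? m[2]];
  }, claims);
}

// Role to switch to; falls back to the anonymous role when the claim is absent.
function roleFor(token, secret, roleClaimKey, anonRole) {
  const role = resolveClaim(verifyHS256(token, secret), roleClaimKey);
  return typeof role === 'string' && role !== '' ? role : anonRole;
}

// Constructed sample values.
const SECRET = 'constructed-demo-secret-at-least-32-chars';
const TOKEN = signHS256({ sub: 'auth0|demo', 'https://postgrest.org/role': 'webuser' }, SECRET);
```

The quoted form `."https://postgrest.org/role"` is needed because the namespaced key contains dots and slashes; a plain `.role` path finds nothing in such a token.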