Custom Attributes and Custom Claims do not seem to...
# ask-a-descoper
c
Custom Attributes and Custom Claims do not seem to be working. I have a flow that sets both custom claims and attributes at the start and end of the flow. Using a test app, I do not see those values being set on the user or the JWT returned
The body of the session token is
```json
{
  "amr": [
    "oauth"
  ],
  "drn": "DS",
  "exp": 1689000997,
  "iat": 1689000397,
  "iss": "P2PyHj5vITYBLnZyIwKUuUvpxN1C",
  "rexp": "2023-08-07T14:46:37Z",
  "started": 1,
  "sub": "U2RIaJGDXiL0olB4DlvimVzxE74U"
}
```
I would expect the `started` and `eml` custom claims based upon the test flow. The update properties sets the `signup_stage` custom attribute, which I do not see in the user details or in the user console
Here's the test page I'm using. It's a fixed version of the sample apps that are broken by the newer client APIs
Questions:
• Should custom claims appear in the session token as I'm assuming? I believe this was the behavior when I tested things a few months ago when evaluating Descope.
• Any known problems with custom attributes/properties?
• Anything wrong with the testpage.html or my assumptions?
s
@cuddly-zebra-90373 can you export the flow? How are you using this flow? Is this as a stepup kind of flow?
c
It's a pruned down version of the `sign-up-or-in` flow
s
To answer a couple items there. Custom claims should be displayed within the JWT. Custom attributes I believe will not be in the JWT by default, but can be added with custom claims. Let me test with your flow as well. Give me a few minutes
c
Certainly
I put the Update Properties & Custom Claim at the start of the flow to ensure they were being run before any errors. I also made the welcome screen distinct from other flows just to confirm that it is hitting the correct flow
s
At the beginning. When you start with the custom claims and update user/properties, you don't even have a user's details yet. I'm curious as to why you wouldn't update the jwt at the end of the flow just before the end?
c
That was for testing.
It's at both the beginning and end of the flow in the export I sent you. Had it at the end, but wasn't seeing the values. So put it at the beginning as well to ensure that there wasn't an error preventing the flow from reaching those values
s
Move it to be the last task. Like this and remove the pieces at the beginning. The pieces at the beginning should keep the flow from even loading. I tested with this one locally and it works. Just minor changes from yours. If you want to add the jwt, you'll need to add it like the screenshot attached.
We have an example custom claims guide for Hasura that may be helpful as you start working with more extensive custom claims. https://docs.descope.com/knowledgebase/descopeflows/customclaimshasura/
c
what changed?
haven't tested it yet, but didn't see anything obvious at first glance
confirmed that it seems to work for me now
ahh
the "Add Claims" has to be the absolute last item before "END"
this works:
This does not:
s
Right as it's the last step before responding with the JWT. @great-diamond-35515 @square-vr-55083 This is as expected, correct?
I'm pretty sure it is as the update actually changes data on the user which would potentially change the JWT.
c
1. The Update User/Properties does not seem to work (not a showstopper for me)
2. Seems like you'd want to have the Add Claim be valid regardless of where it is in case you need to set a claim on a particular branch.
but I am unblocked by this. Thanks!
g
@cuddly-zebra-90373 great feedback, we’ll discuss internally how we can improve this (either support this or explain better why it should be done like this)
c
alternately, some form of feedback on any node that has positional requirements (even just bright red warning on the "Add Action" description would be great)
s
Also, @cuddly-zebra-90373 how is the update user/properties not working? I have it working locally.
c
I'm looking at the /users dashboard. It's not reflected in the list view or by individually editing a user
reconfirming...
s
Could you double-check your update action that the attribute is in the drop-down list correctly?
c
which matches the config
s
Test another login and let's see that it's working or not. I am showing it work currently.
c
So it didn't work when I tried it. I edited by adding a new Update Properties action and now it works. I've shuffled the location around seeing if it was position dependent and it's working consistently
so works for me now 👍
Thanks, all!