custom_jwt.js
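/**
 * Called during access token generation to supply custom claims for the access token.
 * Limit custom claims to under 50KB.
 *
 * The only claim emitted is `scopes`: the de-duplicated names of every scope attached to
 * any of the user's roles. A missing user, role list or scope list yields an empty array
 * rather than a thrown TypeError.
 *
 * Review notes for consumers of this claim:
 * - Nothing here filters by the resource or scopes requested for this token, so `scopes`
 *   describes everything the user's roles carry. A resource server that authorizes on it
 *   instead of the token's audience and standard `scope` claim accepts more than was
 *   requested for that token.
 * - Only scope names are kept. If two API resources define the same scope name, the claim
 *   cannot tell them apart.
 *
 * @param {Payload} payload - The input argument of the function.
 * @param {object} payload.token - Unused by the active code.
 * @param {object} payload.context - Read for `context.user.roles[].scopes[].name`.
 * @param {object} payload.environmentVariables - Unused by the active code.
 * @param {object} payload.api - Referenced only by the disabled organization block.
 *
 * @returns {Promise<{scopes: string[]}>} The custom claims.
 */
const getCustomJwtClaims = async ({ token, context, environmentVariables, api }) => {
  const user = context && context.user;

  // const roles = user.roles.map((r) => r.name);

  // A Set drops scope names granted by more than one role, which keeps the token small.
  const uniqueScopeNames = new Set();
  const userRoles = user && Array.isArray(user.roles) ? user.roles : [];
  for (const role of userRoles) {
    const roleScopes = role && Array.isArray(role.scopes) ? role.scopes : [];
    for (const scope of roleScopes) {
      if (scope && typeof scope.name === 'string') {
        uniqueScopeNames.add(scope.name);
      }
    }
  }
  const scopes = [...uniqueScopeNames];

  // Disabled: per-organization roles with their scopes.
  // NOTE(review): before enabling, confirm that `api` exposes getRole in this script
  // environment. As written this makes one call per organization role on every token
  // issuance, and the catch branch turns a failed lookup into an empty scope list
  // without recording the error.
  // const organizations = await Promise.all(
  //   user.organizations.map(async (org) => {
  //     // Find roles assigned to user in this org
  //     const orgRoles = user.organizationRoles.filter((or) => or.organizationId === org.id);
  //     // For each org role, fetch detailed scopes from Logto API
  //     const detailedRoles = await Promise.all(
  //       orgRoles.map(async (or) => {
  //         try {
  //           const roleData = await api.getRole(or.roleId);
  //           // Extract scopes from roleData
  //           const roleScopes = roleData.scopes.map((s) => s.name);
  //           return {
  //             id: or.roleId,
  //             name: or.roleName,
  //             scopes: roleScopes,
  //           };
  //         } catch (error) {
  //           // Handle error or return empty scopes
  //           return {
  //             id: or.roleId,
  //             name: or.roleName,
  //             scopes: [],
  //           };
  //         }
  //       })
  //     );
  //     return {
  //       id: org.id,
  //       name: org.name,
  //       roles: detailedRoles,
  //     };
  //   })
  // );

  return {
    // Disabled: profile fields. An access token is a bearer credential that every
    // resource server can read and that often ends up in logs, so personal data such as
    // email or name is better fetched from a userinfo endpoint than embedded here.
    // user_id: user.id,
    // email: user.primaryEmail,
    // name: user.name,
    // suspended: user.isSuspended,
    // avatar: user.avatar,
    scopes,
    // roles,
    // organizations,
  };
};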