Hello i m trying to augment the JWT token with additional cl Ory Community #ory-network

Hello, i'm trying to augment the JWT token with ad...

stocky-caravan-55944

07/01/2025, 4:15 PM

Hello, i'm trying to augment the JWT token with additional claims. Something that i've tested on OSS hydra that worked but now i'm trying to implement this on the Ory Network and somehow i'm not able to augment the JWT. How should my webhook be configured in order to be able to update the JWT with additional info ? What I return from my webhook as follows, but it never gets to the token when i inspect it

Copy code

{
  "session": {
    "access_token": {
      "tenant_id": 124390123
    },
    "id_token": {
      "tenant_id": 124390123
    }
  }
}

bland-eye-99092

07/01/2025, 6:39 PM

Is the webhook target (e.g your code) called at all?

stocky-caravan-55944

07/01/2025, 6:40 PM

Yes it's called. When I use Login pre/after it's called

bland-eye-99092

07/01/2025, 6:40 PM

In Ory Network it's also a token hook, not login webhook. Ory Network's OAuth2 is fully compatible with the OSS Hydra

stocky-caravan-55944

07/01/2025, 6:40 PM

It's called with empty body .. i haven't added anything in the function (ctx) { } but this should be okay IMO

stocky-caravan-55944

07/01/2025, 6:41 PM

Yes in the Ory Hydra i used token hook but in Ory Network i do not see where to add this neither in the UI neither in the project config ...

stocky-caravan-55944

07/01/2025, 6:41 PM

If I try to patch from the CLI the project would that work ?

bland-eye-99092

07/01/2025, 6:42 PM

Yes it's part of the oauth2-config in the CLI

stocky-caravan-55944

07/01/2025, 6:42 PM

Do you have an example somewhere that I can use ?

stocky-caravan-55944

07/01/2025, 6:42 PM

I used to use

Copy code

oauth2:
  token_hook: <http://host.docker.internal:6000/v1/auth/hook>

for the Hydra

bland-eye-99092

07/01/2025, 6:43 PM

You can use the same config that you used in OSS and upload that to the Ory Network project. But if you only want to configure the token hook, you can use this guide: https://www.ory.sh/docs/hydra/guides/claims-at-refresh

stocky-caravan-55944

07/01/2025, 6:44 PM

Awesome, thanks

stocky-caravan-55944

07/01/2025, 6:45 PM

Can I get your mind on something .. i want to create a super admin and I created an admin schema and added user there. I want to add the information from the admin identity to the token. Initially was thinking that the information will be available in the userinfo but it was not.

stocky-caravan-55944

07/01/2025, 6:45 PM

Is there a better way to achieve this ? i.e. is there a way to expose the information from the schema in the userinfo ?

bland-eye-99092

07/01/2025, 6:48 PM

I think by default we only add basic information to the userinfo endpoint, such as name and email. If you have a custom UI you can customize this more, though

stocky-caravan-55944

07/01/2025, 6:52 PM

I customized it but is it possible to expose the information in the userinfo ?

bland-eye-99092

07/01/2025, 6:53 PM

yes, if you implement your own

acceptOAuth2ConsentRequest

call. See here for an example https://github.com/ory/kratos-selfservice-ui-node/blob/master/src/routes/consent.ts#L112

👀 1

✅ 1

stocky-caravan-55944

07/01/2025, 6:53 PM

i.e i added trait

role

and wonder if I can expose this in the userInfo, the only way to get it right now is to call

admin/identities/{subject}

but idk if this is the right way to do this

Open in Slack

Previous Next