thankful-secretary-66849
07/21/2025, 11:23 PMbrief-egg-61061
07/21/2025, 11:23 PMbrief-egg-61061
07/21/2025, 11:24 PMsession.access_token
object. For example: js import { Configuration, OAuth2Api } from "@ory/client" const ory = new OAuth2Api( new Configuration({ basePath: `https://${process.env.ORY_PROJECT_SLUG}.<http://projects.oryapis.com|projects.oryapis.com>`, accessToken: process.env.ORY_API_KEY, }), ) export async function acceptConsent(consentChallenge, userName) { return await ory.acceptOAuth2ConsentRequest({ consentChallenge, acceptOAuth2ConsentRequest: { session: { access_token: { name: userName, }, }, }, }) }
2. Result in the introspection response After this, when you introspect the access token, the custom claim (e.g., name
) will be available in the ext
field of the introspection response: json { "active": true, // ... other claims ... "ext": { "name": "John Doe" } }
This approach leverages the ability to customize claims in the access token and ensures that the user's name is available in the introspection response under the ext
field. For more details, see the documentation on customizing claims and token introspection: [Customizing claims with OAuth2 webhooks](https://www.ory.sh/docs/hydra/guides/claims-at-refresh), [Customize OpenID Connect scope and claims](https://www.ory.sh/docs/oauth2-oidc/openid-connect-claims-scope-custom), and [OAuth2 resource owner password credentials grant](https://www.ory.sh/docs/oauth2-oidc/resource-owner-password-grant).thankful-secretary-66849
07/21/2025, 11:33 PMbrief-egg-61061
07/21/2025, 11:34 PMbrief-egg-61061
07/21/2025, 11:34 PMswift "scope": "openid offline_access profile email"
If your identity schema includes first and last name, and you have mapped them to the appropriate OIDC claims (given_name, family_name), the profile scope will include them. Summary: - Remove name, traits.name.first, traits.name.last, and traits.email from the scope unless you have a custom implementation that expects them. - Use openid, offline_access, profile, and email for standard Ory/OIDC integrations. References: - [Customize OpenID Connect scope and claims](https://www.ory.sh/docs/oauth2-oidc/openid-connect-claims-scope-custom) - [OAuth2 authorization code flow](https://www.ory.sh/docs/oauth2-oidc/authorization-code-flow) - [OAuth2 scopes represent user consent](https://www.ory.sh/docs/oauth2-oidc/overview/oauth2-concepts#oauth2-scopes-represent-user-consent) If you need custom claims, you should handle them via data mapping or custom consent logic, not by adding them as scopes.thankful-secretary-66849
07/22/2025, 1:39 PMbrief-egg-61061
07/22/2025, 1:39 PMbrief-egg-61061
07/22/2025, 1:39 PM