Commit 5dc224c

Export filterDefaultIdTokenClaims and update beforeSessionSaved docs
1 parent 7bd8398 commit 5dc224c

File tree

5 files changed

+28
-9
lines changed

EXAMPLES.md

Lines changed: 19 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -621,19 +621,36 @@ The `beforeSessionSaved` hook is run right before the session is persisted. It p
621621
The hook recieves a `SessionData` object and an ID token. The function must return a Promise that resolves to a `SessionData` object: `(session: SessionData) => Promise<SessionData>`. For example:
622622

623623
```ts
624+
import { Auth0Client, filterDefaultIdTokenClaims } from "@auth0/nextjs-auth0/server"
625+
624626
export const auth0 = new Auth0Client({
625627
async beforeSessionSaved(session, idToken) {
626628
return {
627629
...session,
628630
user: {
629-
...session.user,
630-
foo: "bar",
631+
...filterDefaultIdTokenClaims(session.user),
632+
foo: session.user.foo, // keep the foo claim
631633
},
632634
}
633635
},
634636
})
635637
```
636638

639+
The `session.user` object passed to the `beforeSessionSaved` hook will contain every claim in the ID Token, including custom claims. You can use the `filterDefaultIdTokenClaims` utility to filter out the standard claims and only keep the custom claims you want to persist.
640+
641+
Alternatively, you can use the entire `session.user` object if you would like to include every claim in the ID Token by just returning the `session` like so:
642+
643+
```ts
644+
import { Auth0Client } from "@auth0/nextjs-auth0/server"
645+
646+
export const auth0 = new Auth0Client({
647+
async beforeSessionSaved(session, idToken) {
648+
return session
649+
},
650+
})
651+
```
652+
Do realize that this has an impact on the size of the cookie being issued, so it's best to limit the claims to only those that are necessary for your application.
653+
637654
### `onCallback`
638655

639656
The `onCallback` hook is run once the user has been redirected back from Auth0 to your application with either an error or the authorization code which will be verified and exchanged.
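Review bot: the signature stated on line 621 of this hunk, `(session: SessionData) => Promise<SessionData>`, omits the second `idToken` argument that both examples in the hunk destructure (`async beforeSessionSaved(session, idToken)`) and that the `BeforeSessionSavedHook` type in `src/server/auth-client.ts` declares after `session: SessionData,`; please update it to include the ID token parameter, and fix "recieves" in the same sentence. The added paragraph about cookie size could also state the security consequence of `return session`: every ID token claim, custom claims included, is then persisted in the session cookie, so anything sensitive in the token ends up stored client-side rather than only being large.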

src/server/auth-client.ts

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ import {
3434
import { toSafeRedirect } from "../utils/url-helpers";
3535
import { AbstractSessionStore } from "./session/abstract-session-store";
3636
import { TransactionState, TransactionStore } from "./transaction-store";
37-
import { filterClaims } from "./user";
37+
import { filterDefaultIdTokenClaims } from "./user";
3838

3939
export type BeforeSessionSavedHook = (
4040
session: SessionData,
@@ -563,7 +563,7 @@ export class AuthClient {
563563
internal: session.internal
564564
};
565565
} else {
566-
session.user = filterClaims(idTokenClaims);
566+
session.user = filterDefaultIdTokenClaims(idTokenClaims);
567567
}
568568

569569
await this.sessionStore.set(req.cookies, res.cookies, session, true);
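Review bot: `filterDefaultIdTokenClaims` is applied only in the `else` branch, i.e. when no `beforeSessionSaved` hook is configured; a hook that returns `session` unchanged therefore persists the unfiltered claims. That is the intended contract per the EXAMPLES.md change in this commit, but it should also be stated in the JSDoc of `BeforeSessionSavedHook` so callers see it at the type rather than only in the examples.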

src/server/index.ts

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,3 +5,5 @@ export { AuthClient } from "./auth-client";
55
export { TransactionStore } from "./transaction-store";
66

77
export { AbstractSessionStore } from "./session/abstract-session-store";
8+
9+
export { filterDefaultIdTokenClaims } from "./user";

src/server/user.test.ts

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,8 @@
11
import { describe, expect, it } from "vitest";
22

3-
import { filterClaims } from "./user";
3+
import { filterDefaultIdTokenClaims } from "./user";
44

5-
describe("filterClaims", async () => {
5+
describe("filterDefaultIdTokenClaims", async () => {
66
it("should return only the allowed claims", () => {
77
const claims = {
88
sub: "user_123",
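Review bot: the `async` on the `describe("filterDefaultIdTokenClaims", async () => {` callback is unnecessary, since the suite body only registers synchronous `it` blocks; dropping it keeps the rename a pure rename and avoids a returned promise from the describe callback.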
@@ -20,7 +20,7 @@ describe("filterClaims", async () => {
2020
exp: 1234567890
2121
};
2222

23-
expect(filterClaims(claims)).toEqual({
23+
expect(filterDefaultIdTokenClaims(claims)).toEqual({
2424
sub: "user_123",
2525
name: "John Doe",
2626
nickname: "johndoe",
@@ -34,6 +34,6 @@ describe("filterClaims", async () => {
3434
});
3535

3636
it("should return an empty object if no claims are provided", () => {
37-
expect(filterClaims({})).toEqual({});
37+
expect(filterDefaultIdTokenClaims({})).toEqual({});
3838
});
3939
});

src/server/user.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ const DEFAULT_ALLOWED_CLAIMS = [
1212
"org_id"
1313
];
1414

15-
export function filterClaims(claims: { [key: string]: any }) {
15+
export function filterDefaultIdTokenClaims(claims: { [key: string]: any }) {
1616
return Object.keys(claims).reduce((acc, key) => {
1717
if (DEFAULT_ALLOWED_CLAIMS.includes(key)) {
1818
acc[key] = claims[key];
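Review bot: this function becomes public API in the same commit (exported from `src/server/index.ts`), so the `claims: { [key: string]: any }` parameter type is now part of the surface; consider `Record<string, unknown>` with a typed accumulator for the `reduce`, and add a JSDoc comment naming `DEFAULT_ALLOWED_CLAIMS` as the list of standard claims that are kept, since consumers calling it from `beforeSessionSaved` need to know which claims survive the filter.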
