FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    JWT claims and Identity Provider

    Scheduled Pinned Locked Moved Solved
    Q&A
    2
    3
    2.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Q
      quent
      last edited by

      Hi,

      I configured Fusionauth for the authentication on my API, so far working fine.

      I linked some external accounts (other Identity Provider) to some Fusionauth users, the authentication works fine as well.

      Now i wonder if I can retrieve in a claim of the JWT from which identity provider the user account is linked to ? The authentication is managed by Fusionauth, but is there a way to know if that user has a linked account, just reading the claims of the JWT ? I would like to differentiate FA's user without linked from users with linked account

      Thank you

      danD 1 Reply Last reply Reply Quote 0
      • danD
        dan @quent
        last edited by

        @quent

        You could do this in a couple of different ways.

        You should be able to examine the authenticationType claim, as documented here: https://fusionauth.io/docs/v1/tech/oauth/tokens#access-token

        You could create a custom reconcile lambda for the Identity Provider and set a custom claim, as documented here: https://fusionauth.io/docs/v1/tech/lambdas/google-reconcile (for google, there are analogous lambdas for every Identity Provider).

        Note that a user could be linked to more than one Identity Provider, so you should plan to handle that edge case.

        Hope that helps.

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        Q 1 Reply Last reply Reply Quote 0
        • Q
          quent @dan
          last edited by

          @dan Thank you, yes I can use lamba, i did give it a try and it works fine 🙂
          The authentication type does works too, but maybe more in a "workaround way".

          Thanks

          1 Reply Last reply Reply Quote 1
          • Q quent has marked this topic as solved on
          • First post
            Last post