I have exactly the same problem.
Did you figure this out?
Update
After a lot of tinkering I ~concluded~ Stitch doesn’t allow certain fields as Metadata, like you want to.
Auth0 Access Tokens basically use these fields:
* iss (issuer): Issuer of the JWT
* sub (subject): Subject of the JWT (the user)
* aud (audience): Recipient for which the JWT is intended
* exp (expiration time): Time after which the JWT expires
* nbf (not before time): Time before which the JWT must not be accepted for processing
* iat (issued at time): Time at which the JWT was issued; can be used to determine age of the JWT
Out of all those, only iss is read by Stitch as metadata. The others are ignored. Under the hood Stitch might use those fields for other stuff. We know that’s at least the case for aud, which is (optionally) used for verification.
Solution
My goal was slightly different than OP’s, but close enough. I wanted to pass custom fields from Auth0 to Stitch through the access token.
First I needed to create a rule in Auth0, adding a field to the token. Auth0 requires the fields to be namespaced in the form of a url:
function (user, context, callback) {
  const namespace = 'http://example.com/';
  context.accessToken[namespace + 'email'] = user.email;
  callback(null, user, context);
}
So I now had a token with a field { "http://example.com/email": "email@example.com" }, which I could verify by decoding it.
However Stitch wouldn’t read it, yielding
Error:
expected field 'http://example.com/email' to be in token metadata
I struggled to see why Stitch wouldn’t read that. Hours. Until I remembered the note about the dot notation.
Stitch interprets the Path http://example.com/email as
{ "http://example": { "com/email" : <val> } }
Adding quotes didn’t work either:
Error:
expected field '"http://example.com/email"' to be in token metadata
Finally the trick was to remove the dot altogether:
function (user, context, callback) {
  const namespace = 'http://examplecom/';
  context.accessToken[namespace + 'email'] = user.email;
  callback(null, user, context);
}
And adding http://examplecom/email as the Path.
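The dot-notation behaviour described in the post above, as an added example that is not part of the original post and not Stitch's own code: it models a dot-separated path lookup over decoded token claims and flags claim names such a lookup cannot reach. The helper names (`decodePayload`, `resolvePath`, `unreachableKeys`, `makeToken`), the issuer value and the tokens are constructed for illustration.

```javascript
// Added example; a model of dot-notation lookup, not Stitch's implementation.

// Decode the payload (second segment) of a JWT for inspection only; no signature check.
function decodePayload(jwt) {
  return JSON.parse(Buffer.from(jwt.split('.')[1], 'base64').toString('utf8'));
}

// Walk a dot-separated path through nested objects.
function resolvePath(claims, path) {
  let node = claims;
  for (const part of path.split('.')) {
    const isObject = node !== null && typeof node === 'object';
    if (!isObject || !Object.prototype.hasOwnProperty.call(node, part)) {
      return undefined;
    }
    node = node[part];
  }
  return node;
}

// Claim names whose dot-notation lookup does not return the claim's own value.
function unreachableKeys(claims) {
  return Object.keys(claims).filter((k) => resolvePath(claims, k) !== claims[k]);
}

// Build a constructed sample token (placeholder signature, never verified).
function makeToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

// Constructed sample claims: the namespace with a dot, and the dotless variant.
const dotted = decodePayload(makeToken({
  iss: 'https://tenant.example/',
  'http://example.com/email': 'email@example.com',
}));
const dotless = decodePayload(makeToken({
  iss: 'https://tenant.example/',
  'http://examplecom/email': 'email@example.com',
}));

console.log(resolvePath(dotted, 'http://example.com/email'));
console.log(unreachableKeys(dotted));
console.log(resolvePath(dotless, 'http://examplecom/email'));
```

Running `unreachableKeys` over a decoded access token before configuring metadata fields shows which custom claim names need a dot-free namespace.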