Custom Claims in Flows

Descope supports custom claims to restrict data based on user privileges, or to provide easy access to information on the client side without having to query your backend.

If a custom claim is modified and the key is not currently in the JWT, Descope will add the custom claim to the JWT. If a custom claim is modified and the key already exists, it will override the value.

Descope Flows can add additional custom claims to the user's JWT during the execution of a Descope flow. This can be done during the initial authentication flow, or can be done via a step-up or similar flow.

Add the Custom Claims Action

To add custom claims within your Descope flow, you can open the applicable flow to which you want to add the custom claims. Once you have opened the flow, click the add button on the bottom left, search for the action "Custom Claims," and add it to your flow.

Configure the Custom Claims Action

Within the custom claims simple configuration, you can add string, boolean, numerical, or dynamic values and assign to your desired keys. The dynamic values are populated from available data from Descope pertaining to the user.

You can also utilize the advanced configuration by clicking Advanced within the custom claims action. There you can work with the custom claims as a JSON object. For an example of using the advanced configuration, look at our JWT Template Guide.

Save and Attach the action

Click done on the action and then add it after the user's been verified. In this example, we will add it just before the end of the flow.

Test the Descope Flow

We can then test it within the sample app on the getting started screen.

The advanced custom claims configured are now added to the user's session JWT.