🚀 Feature: Custom claims for clients (fetched from HTTP endpoint) #391

Open
opened 2026-02-04 19:25:11 +03:00 by OVERLORD · 2 comments
Owner

Originally created by @ItalyPaleAle on GitHub (Jul 25, 2025).

Feature description

It would be helpful to be able to add custom claims to the ID or access tokens per each client.

These claims could be hardcoded (configured in the UI) or ideally could be fetched from a HTTP(S) endpoint. During the authentication flow, Pocket ID would invoke the HTTP(S) endpoint with information about the user that is signing in, and the endpoint would respond with claims to add to the ID and/or access tokens.

Pitch

Applications often need to add claims to tokens that are specific to the user.

Examples include adding information from internal databases (think, organization name, or specific permissions, etc).

Personally, I would like to migrate one of my apps from Auth0 to Pocket ID, but I need to be able to add claims to the tokens that are specific to each user.

Most other IdP's have similar features, where custom claims can be added per client (either by invoking an endpoint, or sometimes by executing code directly in the IdP)

Originally created by @ItalyPaleAle on GitHub (Jul 25, 2025). ### Feature description It would be helpful to be able to add custom claims to the ID or access tokens per each client. These claims could be hardcoded (configured in the UI) or ideally could be fetched from a HTTP(S) endpoint. During the authentication flow, Pocket ID would invoke the HTTP(S) endpoint with information about the user that is signing in, and the endpoint would respond with claims to add to the ID and/or access tokens. ### Pitch Applications often need to add claims to tokens that are specific to the user. Examples include adding information from internal databases (think, organization name, or specific permissions, etc). Personally, I would like to migrate one of my apps from Auth0 to Pocket ID, but I need to be able to add claims to the tokens that are specific to each user. Most other IdP's have similar features, where custom claims can be added per client (either by invoking an endpoint, or sometimes by executing code directly in the IdP)
OVERLORD added the needs more upvotes label 2026-02-04 19:25:11 +03:00
Author
Owner

@savely-krasovsky commented on GitHub (Aug 31, 2025):

If I understood correctly #890, client_credentials flow will able to use those claims in issued access_tokens.

@savely-krasovsky commented on GitHub (Aug 31, 2025): If I understood correctly #890, `client_credentials` flow will able to use those claims in issued `access_tokens`.
Author
Owner

@megamorf commented on GitHub (Nov 16, 2025):

I'm currently doing a pilot with FastMCP's OIDC proxy - unfortunately that its token verifier expects a scopes or scp claim on the Pocket ID access token that corresponds to the scopes that have been granted by the IDP.

From browsing the tickets at least #837 was requesting the same thing, but that issue was pointed to this one.

How easy or difficult would it be to include that claim on the access token?

Thanks in advance and kind regards :-)

@megamorf commented on GitHub (Nov 16, 2025): I'm currently doing a pilot with FastMCP's OIDC proxy - unfortunately that its token verifier expects a `scopes` or `scp` claim on the Pocket ID access token that corresponds to the scopes that have been granted by the IDP. From browsing the tickets at least #837 was requesting the same thing, but that issue was pointed to this one. How easy or difficult would it be to include that claim on the access token? Thanks in advance and kind regards :-)
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/pocket-id#391