<![CDATA[Topics tagged with claims]]>https://fusionauth.io/community/forum/tags/claimsRSS for NodeTue, 21 Apr 2026 13:38:56 GMTInvalid Date60<![CDATA[Modifying the issuer claim]]>It sounds like you're asking if you can modify the issuer claim.

You can control the "Issuer", or iss claim, in two different ways:

You can set it in the tenant config, where it will apply for all JWTs issued for that tenant. You'd modify that by navigating to "Tenants", then your tenant, then "General". Modify the "Issuer" field value to be login.example.com. You can set it at the individual JWT level by modifying the JWT populate lambda. You would do this if you wanted to have a different issuer based on some information from the user or registration data. (This does not appear to be the case here, just including this for completeness.)

I'm not clear if you have more than one tenant in your system; if you do, you can either change the "Issuer" setting for the default tenant (which is what is provided when no tenantId is on the URL) or request the endpoint with a tenantId appended, like this:

https://login.example.com/.well-known/openid-configuration?tenantId=<tenantid>

]]>https://fusionauth.io/community/forum/topic/632/modifying-the-issuer-claimhttps://fusionauth.io/community/forum/topic/632/modifying-the-issuer-claimInvalid Date<![CDATA[User registration provider data]]>@ashok glad you solved the problem!

The only problem is that I don't seem to be able to pass all the tokens and then "map" it out in the backend.

I'm not sure what you mean here. Are you not seeing all the tokens in the lambda? Or are you not able to put them all in the custom claim?

Also, I think I already know the answer to this and this may sound dumb, but how can you have multiple tokens? A user with multiple providers? If so, how are they consolidated and combined?

A token is tied to a registration/application, so someone could login with google to one FusionAuth application and with facebook to another. Unless I'm missing something, I don't believe they are combined.

Lastly, it would have been nice if user.registrations had a providers field.

We welcome your feature requests 🙂 . Please file a github issue: https://github.com/fusionauth/fusionauth-issues/issues

]]>https://fusionauth.io/community/forum/topic/129/user-registration-provider-datahttps://fusionauth.io/community/forum/topic/129/user-registration-provider-dataInvalid Date<![CDATA[How does one add custom claims to the JWT issued by the OAuth flow?]]>In general you are going to want to use a Lambda to populate additional claims: https://fusionauth.io/docs/v1/tech/lambdas/jwt-populate

This issue has some notes about Hasura in particular: https://github.com/FusionAuth/fusionauth-issues/issues/61

]]>https://fusionauth.io/community/forum/topic/65/how-does-one-add-custom-claims-to-the-jwt-issued-by-the-oauth-flowhttps://fusionauth.io/community/forum/topic/65/how-does-one-add-custom-claims-to-the-jwt-issued-by-the-oauth-flowInvalid Date<![CDATA[Can we set multiple "aud" claims in FusionAuth?]]>We do not support this directly in FusionAuth, but you could use a Lambda to set the aud claim to whatever you want.

The specification allows for a string value, or an array of string values, so you could create a Lambda with something like: jwt.aud = [ 'foo', 'bar' ];

More about Lambdas and JWTs here: https://fusionauth.io/docs/v1/tech/lambdas/jwt-populate

]]>https://fusionauth.io/community/forum/topic/52/can-we-set-multiple-aud-claims-in-fusionauthhttps://fusionauth.io/community/forum/topic/52/can-we-set-multiple-aud-claims-in-fusionauthInvalid Date