Navigation

    FusionAuth
    • Login
    • Search
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs

    SOLVED JWT claims and Identity Provider

    Q&A
    2
    3
    305
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Q
      quent last edited by

      Hi,

      I configured Fusionauth for the authentication on my API, so far working fine.

      I linked some external accounts (other Identity Provider) to some Fusionauth users, the authentication works fine as well.

      Now i wonder if I can retrieve in a claim of the JWT from which identity provider the user account is linked to ? The authentication is managed by Fusionauth, but is there a way to know if that user has a linked account, just reading the claims of the JWT ? I would like to differentiate FA's user without linked from users with linked account

      Thank you

      dan 1 Reply Last reply Reply Quote 0
      • dan
        dan @quent last edited by

        @quent

        You could do this in a couple of different ways.

        You should be able to examine the authenticationType claim, as documented here: https://fusionauth.io/docs/v1/tech/oauth/tokens#access-token

        You could create a custom reconcile lambda for the Identity Provider and set a custom claim, as documented here: https://fusionauth.io/docs/v1/tech/lambdas/google-reconcile (for google, there are analogous lambdas for every Identity Provider).

        Note that a user could be linked to more than one Identity Provider, so you should plan to handle that edge case.

        Hope that helps.

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io

        Q 1 Reply Last reply Reply Quote 0
        • dan
          dan @quent last edited by

          @quent

          You could do this in a couple of different ways.

          You should be able to examine the authenticationType claim, as documented here: https://fusionauth.io/docs/v1/tech/oauth/tokens#access-token

          You could create a custom reconcile lambda for the Identity Provider and set a custom claim, as documented here: https://fusionauth.io/docs/v1/tech/lambdas/google-reconcile (for google, there are analogous lambdas for every Identity Provider).

          Note that a user could be linked to more than one Identity Provider, so you should plan to handle that edge case.

          Hope that helps.

          --
          FusionAuth - Auth for devs, built by devs.
          https://fusionauth.io

          Q 1 Reply Last reply Reply Quote 0
          • Q
            quent @dan last edited by

            @dan Thank you, yes I can use lamba, i did give it a try and it works fine 🙂
            The authentication type does works too, but maybe more in a "workaround way".

            Thanks

            1 Reply Last reply Reply Quote 1
            • Topic has been marked as solved  Q quent 
            • First post
              Last post