How to add custom attribute to the returned session JWT token?

[MaxOrelus]

Question 💬

In Cognito I'm enhancing the JWT token the AWS provides with my own custom attribute for Hasura.

https://hasura.io/docs/latest/graphql/core/guides/integrations/aws-cognito.html#test-the-cognito-login-and-generate-sample-jwts-for-testing

I need to be able to access this attribute from my application once a user is logged in.

Currently, when I get the user's session object, it only contains:

{
  expires: "...",
  user: {
    email: "..."
  }
}

Also, if I try to extract the cookie from the browser I get the following:

{
  "email": "...",
  "sub": "...",
  "iat": 1634222965,
  "exp": 1636814965
}

Is there a way to let next-auth w/Cognito Provider know that I would like to also pull in a custom attribute on the JWT token called "graphql"?

How to reproduce ☕️

N/A

Contributing 🙌🏽

No, I am afraid I cannot help regarding this

[balazsorban44]

https://next-auth.js.org/configuration/callbacks

[ObedAmpah]

Hello, I would like to respectfully ask for more explanation. I am unable to read custom attributes. I have confirmed they are added on creation, and I can confirm they are visible in the user group.

[jaketoolson]

In JWT and Session callbacks, you would need to return any additional options.

callbacks: {
    async session({ session, token, user }) {
      session.claims = // claims here ;
      return session
    },
    async jwt({ token, user, account, profile, isNewUser }) {
        user.claims = // claims here ;
      return user;
    }
  },

[ObedAmpah]

Thank you, @jaketoolson. I will edit my callbacks and try again in the morning.

[Zertz]

In the end it's not much code but it was hard for me to get what the documentation explains without a clear example, so here's one!

export default NextAuth({
  callbacks: {
    async jwt({ account, token, user }) {
      if (account && user) {
        if (["[email protected]"].includes(user.email)) {
          token.role = "admin";
        } else {
          token.role = "user";
        }
      }

      return token;
    },
    async session({ session, token }) {
      session.user.role = token.role;

      return session;
    },
  },
});

Then, in an API route:

export default async function adminRoute(req, res) {
  const session = await getSession({ req });

  if (session?.user.role !== "admin") {
    res.status(401).end();

    return;
  }

  res.json({ hello: "admin" });
}