Create or update JWT customizer

PUT /api/configs/jwt-customizer/{tokenTypePath}

OAuth2

Create or update a JWT customizer for the given token type.

Path parameters

tokenTypePath string Required

The token type to create a JWT customizer for.

Values are access-token or client-credentials.

application/json

Body Required

script

The script of the JWT customizer.
environmentVariables

The environment variables for the JWT customizer.
contextSample

The sample context for the JWT customizer script testing purpose.
tokenSample

The sample raw token payload for the JWT customizer script testing purpose.

Responses

200 application/json

The updated JWT customizer.
One of:
object-1 object object-2 object
Hide attributes Show attributes

script string Required

environmentVariables object

Hide environmentVariables attributes Show environmentVariables attributes object

Additional properties

key string

contextSample object

Hide contextSample attributes Show contextSample attributes object

user object Required

Hide user attributes Show user attributes object

id string

Minimum length is 1, maximum length is 12.

username string | null

Maximum length is 128.

primaryEmail string | null

Maximum length is 128.

primaryPhone string | null

Maximum length is 128.

name string | null

Maximum length is 128.

avatar string | null

Maximum length is 2048.

customData object

arbitrary

identities object

Hide identities attributes Show identities attributes object

Additional properties

userId string Required

details object

arbitrary

lastSignInAt number | null

createdAt number

updatedAt number

profile object

Hide profile attributes Show profile attributes object

familyName string

givenName string

middleName string

nickname string

preferredUsername string

profile string

website string

gender string

birthdate string

zoneinfo string

locale string

address object

Hide address attributes Show address attributes object

formatted string

streetAddress string

locality string

region string

postalCode string

country string

applicationId string | null

Maximum length is 21.

isSuspended boolean

hasPassword boolean

ssoIdentities array[object]

Hide ssoIdentities attributes Show ssoIdentities attributes object

issuer string Required

Minimum length is 1, maximum length is 256.

identityId string Required

Minimum length is 1, maximum length is 128.

detail object Required

arbitrary

mfaVerificationFactors array[string]

Values are Totp, WebAuthn, or BackupCode.

roles array[object]

Hide roles attributes Show roles attributes object

id string Required

Minimum length is 1, maximum length is 21.

name string Required

Minimum length is 1, maximum length is 128.

description string Required

Minimum length is 1, maximum length is 128.

scopes array[object] Required

Hide scopes attributes Show scopes attributes object

id string Required

Minimum length is 1, maximum length is 21.

name string Required

Minimum length is 1, maximum length is 256.

description string | null Required

resourceId string Required

Minimum length is 1, maximum length is 21.

resource object Required

Hide resource attributes Show resource attributes object

tenantId string Required

Maximum length is 21.

id string Required

Minimum length is 1, maximum length is 21.

name string Required

Minimum length is 1.

indicator string Required

Minimum length is 1.

isDefault boolean Required

accessTokenTtl number Required

organizations array[object]

Hide organizations attributes Show organizations attributes object

id string Required

Minimum length is 1, maximum length is 21.

name string Required

Minimum length is 1, maximum length is 128.

description string | null Required

Maximum length is 256.

organizationRoles array[object]

Hide organizationRoles attributes Show organizationRoles attributes object

organizationId string Required

roleId string Required

roleName string Required

grant object

Hide grant attributes Show grant attributes object

type string("urn:ietf:params:oauth:grant-type:token-exchange")

subjectTokenContext object

arbitrary

tokenSample object

Hide tokenSample attributes Show tokenSample attributes object

jti string

aud string | array[string]

One of:
string-1 string array-2 array[string]

scope string

clientId string

accountId string

expiresWithSession boolean

grantId string

gty string

sessionUid string

sid string

kind string("AccessToken")
Hide attributes Show attributes

script string Required

environmentVariables object

Hide environmentVariables attributes Show environmentVariables attributes object

Additional properties

key string

contextSample object

arbitrary

tokenSample object

Hide tokenSample attributes Show tokenSample attributes object

jti string

aud string | array[string]

One of:
string-1 string array-2 array[string]

scope string

clientId string

kind string("ClientCredentials")
201 application/json

The created JWT customizer.
One of:
object-1 object object-2 object
Hide attributes Show attributes

script string Required

environmentVariables object

Hide environmentVariables attributes Show environmentVariables attributes object

Additional properties

key string

contextSample object

Hide contextSample attributes Show contextSample attributes object

user object Required

Hide user attributes Show user attributes object

id string

Minimum length is 1, maximum length is 12.

username string | null

Maximum length is 128.

primaryEmail string | null

Maximum length is 128.

primaryPhone string | null

Maximum length is 128.

name string | null

Maximum length is 128.

avatar string | null

Maximum length is 2048.

customData object

arbitrary

identities object

Hide identities attributes Show identities attributes object

Additional properties

userId string Required

details object

arbitrary

lastSignInAt number | null

createdAt number

updatedAt number

profile object

Hide profile attributes Show profile attributes object

familyName string

givenName string

middleName string

nickname string

preferredUsername string

profile string

website string

gender string

birthdate string

zoneinfo string

locale string

address object

Hide address attributes Show address attributes object

formatted string

streetAddress string

locality string

region string

postalCode string

country string

applicationId string | null

Maximum length is 21.

isSuspended boolean

hasPassword boolean

ssoIdentities array[object]

Hide ssoIdentities attributes Show ssoIdentities attributes object

issuer string Required

Minimum length is 1, maximum length is 256.

identityId string Required

Minimum length is 1, maximum length is 128.

detail object Required

arbitrary

mfaVerificationFactors array[string]

Values are Totp, WebAuthn, or BackupCode.

roles array[object]

Hide roles attributes Show roles attributes object

id string Required

Minimum length is 1, maximum length is 21.

name string Required

Minimum length is 1, maximum length is 128.

description string Required

Minimum length is 1, maximum length is 128.

scopes array[object] Required

Hide scopes attributes Show scopes attributes object

id string Required

Minimum length is 1, maximum length is 21.

name string Required

Minimum length is 1, maximum length is 256.

description string | null Required

resourceId string Required

Minimum length is 1, maximum length is 21.

resource object Required

Hide resource attributes Show resource attributes object

tenantId string Required

Maximum length is 21.

id string Required

Minimum length is 1, maximum length is 21.

name string Required

Minimum length is 1.

indicator string Required

Minimum length is 1.

isDefault boolean Required

accessTokenTtl number Required

organizations array[object]

Hide organizations attributes Show organizations attributes object

id string Required

Minimum length is 1, maximum length is 21.

name string Required

Minimum length is 1, maximum length is 128.

description string | null Required

Maximum length is 256.

organizationRoles array[object]

Hide organizationRoles attributes Show organizationRoles attributes object

organizationId string Required

roleId string Required

roleName string Required

grant object

Hide grant attributes Show grant attributes object

type string("urn:ietf:params:oauth:grant-type:token-exchange")

subjectTokenContext object

arbitrary

tokenSample object

Hide tokenSample attributes Show tokenSample attributes object

jti string

aud string | array[string]

One of:
string-1 string array-2 array[string]

scope string

clientId string

accountId string

expiresWithSession boolean

grantId string

gty string

sessionUid string

sid string

kind string("AccessToken")
Hide attributes Show attributes

script string Required

environmentVariables object

Hide environmentVariables attributes Show environmentVariables attributes object

Additional properties

key string

contextSample object

arbitrary

tokenSample object

Hide tokenSample attributes Show tokenSample attributes object

jti string

aud string | array[string]

One of:
string-1 string array-2 array[string]

scope string

clientId string

kind string("ClientCredentials")
400

The request body is invalid.
401

Unauthorized
403

Permission denied.

PUT /api/configs/jwt-customizer/{tokenTypePath}

curl \
 --request PUT 'https://[tenant_id].logto.app/api/configs/jwt-customizer/{tokenTypePath}' \
 --header "Authorization: Bearer $ACCESS_TOKEN" \
 --header "Content-Type: application/json"

Request examples

{}

Response examples (200)

{
  "script": "string",
  "environmentVariables": {
    "key": "string"
  },
  "contextSample": {
    "user": {
      "id": "string",
      "username": "string",
      "primaryEmail": "string",
      "primaryPhone": "string",
      "name": "string",
      "avatar": "string",
      "customData": {},
      "identities": {
        "userId": "string",
        "details": {}
      },
      "lastSignInAt": 42.0,
      "createdAt": 42.0,
      "updatedAt": 42.0,
      "profile": {
        "familyName": "string",
        "givenName": "string",
        "middleName": "string",
        "nickname": "string",
        "preferredUsername": "string",
        "profile": "string",
        "website": "string",
        "gender": "string",
        "birthdate": "string",
        "zoneinfo": "string",
        "locale": "string",
        "address": {
          "formatted": "string",
          "streetAddress": "string",
          "locality": "string",
          "region": "string",
          "postalCode": "string",
          "country": "string"
        }
      },
      "applicationId": "string",
      "isSuspended": true,
      "hasPassword": true,
      "ssoIdentities": [
        {
          "issuer": "string",
          "identityId": "string",
          "detail": {}
        }
      ],
      "mfaVerificationFactors": [
        "Totp"
      ],
      "roles": [
        {
          "id": "string",
          "name": "string",
          "description": "string",
          "scopes": [
            {
              "id": "string",
              "name": "string",
              "description": "string",
              "resourceId": "string",
              "resource": {
                "tenantId": "string",
                "id": "string",
                "name": "string",
                "indicator": "string",
                "isDefault": true,
                "accessTokenTtl": 42.0
              }
            }
          ]
        }
      ],
      "organizations": [
        {
          "id": "string",
          "name": "string",
          "description": "string"
        }
      ],
      "organizationRoles": [
        {
          "organizationId": "string",
          "roleId": "string",
          "roleName": "string"
        }
      ]
    },
    "grant": {
      "type": "string",
      "subjectTokenContext": {}
    }
  },
  "tokenSample": {
    "jti": "string",
    "aud": "string",
    "scope": "string",
    "clientId": "string",
    "accountId": "string",
    "expiresWithSession": true,
    "grantId": "string",
    "gty": "string",
    "sessionUid": "string",
    "sid": "string",
    "kind": "string"
  }
}

{
  "script": "string",
  "environmentVariables": {
    "key": "string"
  },
  "contextSample": {},
  "tokenSample": {
    "jti": "string",
    "aud": "string",
    "scope": "string",
    "clientId": "string",
    "kind": "string"
  }
}

Response examples (201)

{
  "script": "string",
  "environmentVariables": {
    "key": "string"
  },
  "contextSample": {
    "user": {
      "id": "string",
      "username": "string",
      "primaryEmail": "string",
      "primaryPhone": "string",
      "name": "string",
      "avatar": "string",
      "customData": {},
      "identities": {
        "userId": "string",
        "details": {}
      },
      "lastSignInAt": 42.0,
      "createdAt": 42.0,
      "updatedAt": 42.0,
      "profile": {
        "familyName": "string",
        "givenName": "string",
        "middleName": "string",
        "nickname": "string",
        "preferredUsername": "string",
        "profile": "string",
        "website": "string",
        "gender": "string",
        "birthdate": "string",
        "zoneinfo": "string",
        "locale": "string",
        "address": {
          "formatted": "string",
          "streetAddress": "string",
          "locality": "string",
          "region": "string",
          "postalCode": "string",
          "country": "string"
        }
      },
      "applicationId": "string",
      "isSuspended": true,
      "hasPassword": true,
      "ssoIdentities": [
        {
          "issuer": "string",
          "identityId": "string",
          "detail": {}
        }
      ],
      "mfaVerificationFactors": [
        "Totp"
      ],
      "roles": [
        {
          "id": "string",
          "name": "string",
          "description": "string",
          "scopes": [
            {
              "id": "string",
              "name": "string",
              "description": "string",
              "resourceId": "string",
              "resource": {
                "tenantId": "string",
                "id": "string",
                "name": "string",
                "indicator": "string",
                "isDefault": true,
                "accessTokenTtl": 42.0
              }
            }
          ]
        }
      ],
      "organizations": [
        {
          "id": "string",
          "name": "string",
          "description": "string"
        }
      ],
      "organizationRoles": [
        {
          "organizationId": "string",
          "roleId": "string",
          "roleName": "string"
        }
      ]
    },
    "grant": {
      "type": "string",
      "subjectTokenContext": {}
    }
  },
  "tokenSample": {
    "jti": "string",
    "aud": "string",
    "scope": "string",
    "clientId": "string",
    "accountId": "string",
    "expiresWithSession": true,
    "grantId": "string",
    "gty": "string",
    "sessionUid": "string",
    "sid": "string",
    "kind": "string"
  }
}

{
  "script": "string",
  "environmentVariables": {
    "key": "string"
  },
  "contextSample": {},
  "tokenSample": {
    "jti": "string",
    "aud": "string",
    "scope": "string",
    "clientId": "string",
    "kind": "string"
  }
}

Create or update JWT customizer

Path parameters

Body Required

Responses

aud string | array[string]

aud string | array[string]