Requesting Custom Claims on your Access Token

You can now add your own custom fields on the access token that your receive from Cotter

Use Case

Let's say you have a user with attributes:

{
"username": "helloworld",
"role": "admin"
}

And you want to include this in Cotter's Access Token so that you can quickly access them in your API Middleware, you can now do this by calling an API request.

post
Request Custom Claims on Cotter's Access Token

https://www.cotter.app/api/v0/token/custom
Add Custom Claims to Cotter's original Access Token that you get when the user logs in.
Request
Response
Request
Headers
API_KEY_ID
required
string
Your API Key ID
API_SECRET_KEY
required
string
Your API Secret Key
Content-Type
required
string
application/json
Body Parameters
custom_attributes
required
object
a Dictionary of custom attributes that you want to add to the original token
token
required
string
Cotter's original access token (or id token)
Response
200: OK
The new access token with the additional attributes
{
"token": "eyJhbGciOiJFUzI1NiIsImtpZCI6IlNQ..."
}

Example Request

POST https://www.cotter.app/api/v0/token/custom
Content-Type: application/json
API_KEY_ID: <API KEY ID>
API_SECRET_KEY: <API SECRET KEY>
โ€‹
{
"token": "eyJhbGciOiJFUzI1NiIsImtpZCI6I...", // The access token that you get when the user login with Cotter
"custom_attributes": { // Additional attributes that you want to add to the original token
"username": "helloworld",
"role": "admin",
"user_id": 125
}
}

Try it out at JWT.io

Request Body with the Original Access Token

Request Body
Decoded Token
Request Body
{
"token": "eyJhbGciOiJFUzI1NiIsImtpZCI6IlNQQUNFX0pXVF9QVUJMSUM6NkNFRTRBMEUtM0M0Ny00ODk1LUFCNjYtRjhFMDc2MTE1MzJGIiwidHlwIjoiSldUIn0.eyJhdWQiOiJhNDQ3MTc5NC04ZWU4LTRkODgtYjMyMS01ZjdhMjI4MDNkNDMiLCJhdXRoZW50aWNhdGlvbl9tZXRob2QiOiJTT0NJQUxfTE9HSU4iLCJjbGllbnRfdXNlcl9pZCI6IjU1MjIyNjFhLWFjN2UtNGQ2ZS1iMDU2LTk1OWY2MTJmYjM0YSIsImV4cCI6MTU5OTE4MTIwMywiaWF0IjoxNTk5MTc3NjAzLCJpZGVudGlmaWVyIjoicHV0cmlAY290dGVyLmFwcCIsImlzcyI6Imh0dHBzOi8vd3d3LmNvdHRlci5hcHAiLCJqdGkiOiJkNDAzOWM2YS1kMWNiLTQ0YTItYjA0OC0xOGU1YmMxZTIxNmIiLCJzY29wZSI6ImFjY2VzcyIsInN1YiI6IjU1MjIyNjFhLWFjN2UtNGQ2ZS1iMDU2LTk1OWY2MTJmYjM0YSIsInR5cGUiOiJjbGllbnRfYWNjZXNzX3Rva2VuIn0.U0Qz0ezHN04QrGnPzn7WlYsR-5_94dQ0K4ovMhcUF4qhJMhEdGODkZGcaJ4ylCT7JqDP5REO2nK3W9mj6uAj5w",
"custom_attributes": {
"username": "helloworld",
"role": "admin",
"user_id": 125
}
}
Decoded Token
{
"aud": "a4471794-8ee8-4d88-b321-5f7a22803d43",
"authentication_method": "SOCIAL_LOGIN",
"client_user_id": "5522261a-ac7e-4d6e-b056-959f612fb34a",
"exp": 1599181203,
"iat": 1599177603,
"identifier": "putri@cotter.app",
"iss": "https://www.cotter.app",
"jti": "d4039c6a-d1cb-44a2-b048-18e5bc1e216b",
"scope": "access",
"sub": "5522261a-ac7e-4d6e-b056-959f612fb34a",
"type": "client_access_token"
}

Response with the new Custom Attributes

JavaScript
Decoded Token
JavaScript
{
"token": "eyJhbGciOiJFUzI1NiIsImtpZCI6IlNQQUNFX0pXVF9QVUJMSUM6NkNFRTRBMEUtM0M0Ny00ODk1LUFCNjYtRjhFMDc2MTE1MzJGIiwidHlwIjoiSldUIn0.eyJhdWQiOlsiYTQ0NzE3OTQtOGVlOC00ZDg4LWIzMjEtNWY3YTIyODAzZDQzIl0sImV4cCI6MTU5OTE4MTIwMywiaWF0IjoxNTk5MTc3NjAzLCJpc3MiOiJodHRwczovL3d3dy5jb3R0ZXIuYXBwIiwianRpIjoiZDQwMzljNmEtZDFjYi00NGEyLWIwNDgtMThlNWJjMWUyMTZiIiwicm9sZSI6ImFkbWluIiwic3ViIjoiNTUyMjI2MWEtYWM3ZS00ZDZlLWIwNTYtOTU5ZjYxMmZiMzRhIiwidXNlcl9pZCI6MTI1LCJ1c2VybmFtZSI6ImhlbGxvd29ybGQifQ.O8te8naeRuYcXG6mLRc7FJ4a3TrBJlaJutzUCqJA8ncItAK9BKedV0TykLOhw_AmCAr-fz8bhbwi3XNUJmN8SQ"
}
Decoded Token
{
"aud": "a4471794-8ee8-4d88-b321-5f7a22803d43",
"authentication_method": "SOCIAL_LOGIN",
"client_user_id": "5522261a-ac7e-4d6e-b056-959f612fb34a",
"exp": 1599181203,
"iat": 1599177603,
"identifier": "putri@cotter.app",
"iss": "https://www.cotter.app",
"jti": "d4039c6a-d1cb-44a2-b048-18e5bc1e216b",
"role": "admin",
"scope": "access",
"sub": "5522261a-ac7e-4d6e-b056-959f612fb34a",
"type": "client_access_token",
"user_id": 125,
"username": "helloworld"
}