0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2024-12-16 20:26:19 -05:00
logto/.changeset/spicy-cameras-sleep.md
simeng-li b837efead6
feat(console,core): remove custom token claims api context dev guard (#6553)
* feat(console,core): remove custom jwt api context dev guard

remove custom jwt api context dev guard

* fix(console,schemas,phrases): fix custom jwt token request phrases

fix custom jwt token request phrases

* chore: return denyAccess
return denyAccess
2024-09-09 16:57:44 +08:00

16 lines
565 B
Markdown

---
"@logto/console": minor
"@logto/core": minor
---
add access deny method to the custom token claims script
Introduce a new `api` parameter to the custom token claims script. This parameter is used to provide more access control context over the token exchange process.
Use `api.denyAccess()` to reject the token exchange request. Use this method to implement your own access control logics.
```javascript
const getCustomJwtClaims: async ({ api }) => {
// Reject the token request, with a custom error message
return api.denyAccess('Access denied');
}
```