The mutatingPostAuthentication hook can be used to allow or deny authentication of the user, and to modify the user object.
You can return the status ok, which will allow the user to complete the authentication flow. If you don't want to complete the flow, you have to return
In case of ok, you also need to return the user object, which can also be modified. You can modify existing properties or add custom claims or attributes.
user: The user object when the user is authenticated
clientRequest: The original client request object, including Headers
log: The logger object
internalClient: The internal client object
response: The response object (only for postResolve hooks)
input: The input object (only for Operation hooks)
With the internalClient, you're able to securely call into all defined Operations, e.g. to talk to a database or another service to enrich a response or manipulate the inputs of an Operation.
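The following is an added example, not code from the original page or from the project: a post-authentication hook body that fails closed on unverified or off-domain users and sets roles server-side instead of trusting what the identity provider sent. The local types, the emailVerified and roles fields, the allowlists and the denial shape { status: 'deny', message } are assumptions made for illustration.

```typescript
// Added example. Local stand-in types; names and fields are assumptions.
interface User {
  email?: string;
  emailVerified?: boolean;
  roles?: string[];
}
type AuthResult =
  | { status: 'ok'; user: User }
  | { status: 'deny'; message: string }; // denial shape is an assumption

interface HookContext {
  user: User;
  log: { info: (msg: string) => void };
}

// Constructed policy data for this example.
const ALLOWED_DOMAINS = new Set(['example.com']);
const ADMINS = new Set(['alice@example.com']);

// Pure decision function so the policy can be unit-tested without a server.
function decideAuth(user: User): AuthResult {
  const email = (user.email ?? '').trim().toLowerCase();
  // Use the last '@' so "a@example.com@evil.test" resolves to evil.test.
  const at = email.lastIndexOf('@');
  if (at < 1 || user.emailVerified !== true) {
    return { status: 'deny', message: 'verified email required' };
  }
  if (!ALLOWED_DOMAINS.has(email.slice(at + 1))) {
    return { status: 'deny', message: 'domain not allowed' };
  }
  // Overwrite incoming roles; never merge roles supplied by the provider.
  const roles = ADMINS.has(email) ? ['user', 'admin'] : ['user'];
  return { status: 'ok', user: { ...user, email, roles } };
}

// Hook body: receives user and log, returns the status and,
// for ok, the (possibly modified) user object.
const mutatingPostAuthentication = async (
  { user, log }: HookContext,
): Promise<AuthResult> => {
  const result = decideAuth(user);
  log.info(`post-auth decision: ${result.status}`); // no PII in the log line
  return result;
};
```

Keeping the policy in a pure function means the allow and deny paths can be tested without starting the server.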