emit auth.jwt on refresh (#9661)

api/src/services/authentication.ts

@@ -174,6 +174,7 @@ export class AuthenticationService {
 				status: 'pending',
 				user: user?.id,
 				provider: providerName,
+				type: 'login',
 			},
 			{
 				database: this.knex,
@@ -274,7 +275,27 @@ export class AuthenticationService {
 
 		const newSessionData = await provider.refresh(clone(user), sessionData as SessionData);
 
-		const accessToken = jwt.sign({ id: user.id }, env.SECRET as string, {
+		const tokenPayload = {
+			id: user.id,
+		};
+
+		const customClaims = await emitter.emitFilter(
+			'auth.jwt',
+			tokenPayload,
+			{
+				status: 'pending',
+				user: user?.id,
+				provider: user.provider,
+				type: 'refresh',
+			},
+			{
+				database: this.knex,
+				schema: this.schema,
+				accountability: this.accountability,
+			}
+		);
+
+		const accessToken = jwt.sign(customClaims, env.SECRET as string, {
 			expiresIn: env.ACCESS_TOKEN_TTL,
 			issuer: 'directus',
 		});

docs/extensions/hooks.md

@@ -72,19 +72,19 @@ The context object has the following properties:
 
 #### Available Events
 
-| Name                          | Payload              | Meta                         |
-| ----------------------------- | -------------------- | ---------------------------- |
-| `request.not_found`           | `false`              | `request`, `response`        |
-| `request.error`               | The request errors   | --                           |
-| `database.error`              | The database error   | `client`                     |
-| `auth.login`                  | The login payload    | `status`, `user`, `provider` |
-| `auth.jwt`                    | The auth token       | `status`, `user`, `provider` |
-| `(<collection>.)items.create` | The new item         | `collection`                 |
-| `(<collection>.)items.update` | The updated item     | `keys`, `collection`         |
-| `(<collection>.)items.delete` | The keys of the item | `collection`                 |
-| `<system-collection>.create`  | The new item         | `collection`                 |
-| `<system-collection>.update`  | The updated item     | `keys`, `collection`         |
-| `<system-collection>.delete`  | The keys of the item | `collection`                 |
+| Name                          | Payload              | Meta                                 |
+| ----------------------------- | -------------------- | ------------------------------------ |
+| `request.not_found`           | `false`              | `request`, `response`                |
+| `request.error`               | The request errors   | --                                   |
+| `database.error`              | The database error   | `client`                             |
+| `auth.login`                  | The login payload    | `status`, `user`, `provider`         |
+| `auth.jwt`                    | The auth token       | `status`, `user`, `provider`, `type` |
+| `(<collection>.)items.create` | The new item         | `collection`                         |
+| `(<collection>.)items.update` | The updated item     | `keys`, `collection`                 |
+| `(<collection>.)items.delete` | The keys of the item | `collection`                         |
+| `<system-collection>.create`  | The new item         | `collection`                         |
+| `<system-collection>.update`  | The updated item     | `keys`, `collection`                 |
+| `<system-collection>.delete`  | The keys of the item | `collection`                         |
 
 ::: tip System Collections