Context Tokens
Context tokens provide access to the current authenticated user's identity and permissions — always available in any widget, on any page, without configuration.
Available Context Tokens
| Token | Type | Description |
|---|---|---|
{{ context.userId }} | string | The authenticated user's unique ID (from Passport JWT sub claim) |
{{ context.tenantId }} | string | The current tenant's ID |
{{ context.name }} | string | The user's display name |
{{ context.email }} | string | The user's email address |
{{ context.roles }} | string[] | Array of role names the user has in the current tenant |
{{ context.locale }} | string | User's preferred locale (e.g., "en-US", "fr-FR") |
{{ context.timezone }} | string | User's timezone (IANA format, e.g., "America/New_York") |
Common Context Token Uses
// Greeting text
"content": "Welcome back, {{ context.name }}!"
// Auto-assign current user as record owner
"params": {
"ownerUserId": "{{ context.userId }}"
}
// Filter data to current user's records
"params": {
"tenantId": "{{ context.tenantId }}",
"assignedTo": "{{ context.userId }}"
}
// Role-based widget visibility
"visibilityExpression": "{{ context.roles.includes('manager') }}"
// Role-based button label
"label": "{{ context.roles.includes('admin') ? 'Delete' : 'Request Deletion' }}"
// Locale-aware date display (using custom JS for formatting)
"customJs": "return new Date(widget.data.createdAt).toLocaleDateString(context.locale);"
Context Source: Passport JWT
Context tokens are populated from the Passport JWT token claims at session start. The JWT is verified server-side on every API call. The context object in the frontend is a client-side representation — it is trusted for UI rendering but not for security enforcement (server validates the full JWT on every data request).
// JWT claims → context mapping
{
"sub": "user-abc123" → context.userId
"tid": "tenant-xyz" → context.tenantId
"name": "Jane Smith" → context.name
"email": "jane@co.com" → context.email
"roles": ["admin","app-designer"] → context.roles
"locale": "en-US" → context.locale
"zoneinfo": "US/Eastern" → context.timezone
}
Context tokens are read-only — you cannot set context values using the Set Variable action. Context is always derived from the active Passport session. If user roles change (e.g., an admin grants a new role), the context reflects the new roles only after the user re-authenticates (new JWT issued).