Getting last password reset value in .Net Core service

In my .Net Core application I override AuthorizeAttribute. In the OnAuthorizationAsync method I get the access token, and I then call https://mytenant.auth0.com/userinfo?access_token=xyz to get the user profile. Also, when I redirect the user for authentication in my SPA, I use this scope setting: 'openid last_password_reset email profile'. However, GET on https://mytenant.auth0.com/userinfo?access_token=xyz is failing to return the last_password_reset value. What am I missing? This is all I am getting:

{"sub":"auth0|5555666666777777","nickname":"authuser2","name":"authuser2@gmail.com","picture":"https://s.gravatar.com/avatar/xyz?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fra.png","updated_at":"2019-06-04T18:25:37.518Z","email":"authuser2@gmail.com","email_verified":true}

Hi @rajaauthowner,

The /userinfo endpoint returns a set of standard claims, which doesn’t currently include last_password_reset.

It can be obtained through the Management API /api/v2/users/{id} endpoint.

It could also be added to a token as a custom claim in a rule.

Hope this helps,

Dan

Thanks Dan. I tried creating a machine-to-machine API and issued the CURL call (the exact command given by Auth0) and I get: {"error":"access_denied","error_description":"Unauthorized"}curl: (6) Could not resolve host: application

Very frustrating we have to go through so many hoops to get simple things done. Auth0 created a default Test application for access to management API and that is returning “unauthorized” too.


@rajaauthowner,

Sorry to hear your frustrations! It’s not a great experience to want to be able to do something and be blocked with errors. I have written a rule that will add a custom claim to your token. This is the easiest way I can think to get you the last pw reset information. Note: if a user has never reset their password this value will be undefined, and won't show up in a token!

function (user, context, callback) {
  const namespace = 'https://myapp.example.com/';
  context.idToken[namespace + 'last_password_reset'] = user.last_password_reset;
  context.accessToken[namespace + 'last_password_reset'] = user.last_password_reset;
  callback(null, user, context);
}

I have tested this and it works with a user who has reset their password on an Auth0 DB connection.

If this solution does not accomplish what you want, let me know and we can work through the management API solution.

Thanks,
Dan
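
Added example (not part of the thread and not Auth0's own code): a local harness that runs the rule from the reply above against two constructed users, showing why the claim is absent for a user who never reset a password, and how a consumer can read it from an already-validated token payload. The names `addLastPasswordReset`, `accessTokenClaimsFor` and `lastPasswordReset`, the sample users, and the ISO 8601 string form of the value are assumptions.

```javascript
const NAMESPACE = 'https://myapp.example.com/';
const CLAIM = NAMESPACE + 'last_password_reset';

// The rule from the reply above, given a name so it can be called locally.
function addLastPasswordReset(user, context, callback) {
  context.idToken[CLAIM] = user.last_password_reset;
  context.accessToken[CLAIM] = user.last_password_reset;
  callback(null, user, context);
}

// Hypothetical harness: run the rule and return the access-token claims as
// they look after JSON serialization, which drops undefined properties.
function accessTokenClaimsFor(user) {
  const context = { idToken: {}, accessToken: {} };
  let claims = null;
  addLastPasswordReset(user, context, (err, _user, ctx) => {
    if (err) throw err;
    claims = JSON.parse(JSON.stringify(ctx.accessToken));
  });
  return claims;
}

// Hypothetical consumer-side helper. It expects the payload of a token whose
// signature, issuer and audience were already validated elsewhere.
// Returns a Date, or null when the claim is absent (user never reset the
// password) or is not a parseable timestamp.
function lastPasswordReset(claims) {
  const raw = claims[CLAIM];
  if (typeof raw !== 'string') return null;
  const ms = Date.parse(raw);
  return Number.isNaN(ms) ? null : new Date(ms);
}

// Constructed sample users (not real accounts).
const resetUser = {
  user_id: 'auth0|example-1',
  last_password_reset: '2019-06-04T18:25:37.518Z',
};
const neverResetUser = { user_id: 'auth0|example-2' };

for (const user of [resetUser, neverResetUser]) {
  const claims = accessTokenClaimsFor(user);
  console.log(user.user_id, JSON.stringify(claims), lastPasswordReset(claims));
}
```

A consumer should treat a missing claim as "never reset" rather than as an error, since the rule assigns undefined for such users and the serialized token then carries no such key.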
