How to get more metadata in JWT using Auth0.js v8?

David_Ascher · May 26, 2017, 11:14am

I had been happily using Lock and v7 and getting various metadata (user_metadata, app_medatada, etc.) in the JWT token from my SPA to my API endpoint.

I’m moving to using Auth0.js and v8, which isn’t going well. I understand that even for apps that aren’t marked OIDC compliant, only OIDC scopes are encoded in the JWT.

I don’t understand what the workarounds for this new limitation are. I suppose I could build serverside logic to get the user profile, but that will slow things down and add auth0 complexity on the server endpoint which I’d rather not have.

I read on various bugs and tickets that it’s also possible to do so with rules. Any pointers as to how to do that? My feeble attemp:

function (user, context, callback) {
  user.user_metadata = user.user_metadata || {};
  user.app_metadata = user.app_metadata || {};
  user.drink = "lemonade";
  user.sport = "soccer";
  callback(null, user, context);
}

isn’t working because it seems user.user_metadata is null by the time it gets to this function.

There’s also been suggestions to use loginWithResourceOwner, but that isn’t documented AFAICT and appears to be on the path to deprecation.

Any help appreciated.

prashantT · May 26, 2017, 11:18am

Please read through the following document which outlines how to add custom claims to the id_token or access_token: OpenID Connect Scopes

David_Ascher · May 26, 2017, 12:56pm

Thanks for this link, it seems almost useful.

I’ve created and enabled a rule based on this, but I don’t understand how to capture the stuff that is normally in the profile. A line like:

context.idToken[namespace + 'app_meta_data'] = user. app_metadata

doesn’t work because the user object is stripped of attributes like app_metadata before it gets passed to the function, as far as I can tell.

prashantT · May 29, 2017, 5:11am

Metadata should be present in the user object in Rules. Could you please try adding a console.log statement at the beginning of the Rule, and monitor the output using the Realtime Webtask logs extension.

console.log(JSON.stringify(user));

Please let me know whether you can see user_metadata and app_metadata in the user profile.

David_Ascher · May 29, 2017, 6:05am

Hmm, I do indeed see user_metadata and app_metadata there. Will dig in more. Thank for the debugging advice.

Topic		Replies	Views
How to retrieve user metadata in the id_token? Get Help id_token , app_metadata , metadata , authentication , login	12	31642	January 6, 2023
Enable user_metadata and app_metadata on JWT token JWT.io app_metadata , user_metadata	6	13242	August 19, 2019
The app_metadata is not included in id_token Get Help jwt , app_metadata	3	11765	March 2, 2018
User app metadata set in rule is only available in JWT in the next login Get Help bug , jwt , app_metadata	4	5204	March 2, 2018
app_metadata missing when getting a user JWT using auth0-java Get Help app_metadata , java , auth0-java	2	5430	March 2, 2018

How to get more metadata in JWT using Auth0.js v8?

Related topics