Can't get email from id_token

I try to access the email from the user profile via the id_token but I don’t have any luck.
My scope is set to ‘openid profile email’ and my users all have emails in their profile. However when I get the id_token back, I cannot see any email attribute (an email_verified field is available though):
![alt text][1]

Do you have any idea how to access the users’s email?
Thanks very much,
Manuel

I could not reproduce the described situation when performing a login through the hosted page; the issued ID token contained the email address as expected. I did use a username/password user instead of a Facebook user, but that should not matter unless your Facebook user somehow did not had an email attribute which based on the information you provided is not the case as you checked that they had an email.

If you can reproduce this situation (ideally with a username/password user) can you update your question with the exact steps taken, in particular, provide information about how (which endpoint, client library, etc) the user is authenticating and any specific information about the client application configuration might also be useful, for example, client type and OAuth settings.

I face the same issue since a couple of days. Everything was fine last week, but by now, I only retrieve sub, email, verified_email through access_token based profile authentication.

Steps to reproduce:

First, create WebAuth object.

  webAuth = new auth0.WebAuth({
    domain: AUTH_CONFIG.domain,
    clientID: AUTH_CONFIG.clientID,
    redirectUri: AUTH_CONFIG.redirectUri,
    audience: `https://${AUTH_CONFIG.domain}/userinfo`,
    responseType: 'token id_token',
    scope: 'openid profile' // name email picture user_metadata app_metadata   });

Then, login

    this.webAuth.authorize();

Retrieve access_tocken and user profile

const accessToken = this.getAccessToken();
log.info(`getProfile:accessToken: ${accessToken}`);
this.webAuth.client.userInfo(accessToken, (err, profile) => {
  if (profile) {
    log.info('userProfile: ' + JSON.stringify(profile));
    this.userProfile = profile;
  }
  cb(err, profile);
});

And profile only contains 3 keys: sub, email, verified_email …

1 Like

I’m facing the same situation.

did use a username/password user instead of a Facebook user, but that should not matter …]

This is actually not true: when using a username/password user, everything is fine (as well as for Google account). The problem only happens with Facebook login.

I use the following configuration, with email specified in scope, and facing the same situation for Facebook login.

  auth0 = new auth0.WebAuth({
        clientID: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
        domain: 'xxx.eu.auth0.com',
        responseType: 'token id_token',
        audience: 'https://xxx.eu.auth0.com/userinfo',
        redirectUri: 'http://localhost/redirect-after-auth',
        scope: 'openid profile email'
      });
  • When using Facebook login, the email is not in the user info, although it should. Note that I however see the “email_verified”: true property (note fore @jmangelo)
  • When using username/password or Google login, everything is fine; the email is in the user info.

Here is the result in the dashboard
![alt text][1]

Can someone else help with that? I would be very thankful. Getting email from social account is a basic use case. I’m struggling for days with that, and getting crazy.

Thanks,
O.

I found the solution!!!

You must also tick the “Email” option in
Dashboard > Connections > Social > Facebook > Email address

(thanks to How to get email for LinkedIn - Auth0 Community)

1 Like