I have some custom state encoded as a claim in my Access Token (JWT) for quick access in the backend. User is logged in via our SPA or apps, and sends the Access Token to the Backend. I have backend in Node/JS and in Python, but in the provided SDK:s, I cannot find a method to fetch back the provided claims (with my custom “state”) in the JWT.
I can of course just read the token from the request header myself, maybe that is the recommended way?
I use a Login Flow of Auth0 to attach some more information to the JWT. This will speed up my backend as the most used pieces of the state is stored directly in the JWT. Now most backend calls can be served after just examining the JWT, without the delay of getting additional user info from the auth0 API or from some session cache in my backend.
Switching from a proprietary solution to auth0, I have a hard time finding a method in any of the backend SDK:s to fetch back the claims from the access token. From the Frontend I can verify that the JWT is correct using (from the example code)
auth0Client.getTokenSilently(). In the backend, this method is not usable since I don’t want for a new token, just access the one that was attached in the Authorization Bearer header of the request.