Hey all,
I set up both an application and an API with Auth0. Plus everything seems to be working as expected and jwtCheck is working. The issue is that the payload for the JWT has nothing about user identity. If I’m building a simple todo app, I need a way to make sure that authorized users can only CRUD their own resources.
My question is how to add user info like user_id to the accessToken?
Welcome to the Auth0 Community, it’s great to have you here.
The sub claim of an Access Token obtained on login should contain the user_id. If you need more user information, you can use the access token to call the userinfo endpoint. More information here: https://auth0.com/docs/secure/tokens/access-tokens#sample-access-token
Hey @SaqibHussain, thanks so much for the quick reply, much appreciated.
Maybe I should’ve clarified: by access token I meant the access token returned by the
I’m using the access_token from the endpoint to call an external API protected by Auth0. Unfortunately the payload for that token has no info about the user, WDYT?
This should work without issue, please try the Authorization Code Flow as an example:
Take the code returned from the browser and pass it into the curl below
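curl --request POST \
--url 'https://YOUR-DOMAIN/oauth/token' \
--header 'content-type: application/x-www-form-urlencoded' \
--data 'grant_type=authorization_code' \
--data 'client_id=YOUR-CLIENT-ID&client_secret=YOUR-CLIENT-SECRET' \
--data 'code=YOUR-AUTHORIZATION-CODE&redirect_uri=YOUR-CALLBACK-URL'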
This will deliver
The sub claim will contain the user_id.
I hope this helps.
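An added example, not part of any post in this thread: one way an API could use the `sub` claim discussed above to limit each user to their own todos. It assumes the token's signature, issuer and audience were already verified (for instance by jwtCheck); `TodoStore`, `AuthzError`, `userIdFromClaims` and the sample payloads are hypothetical names and constructed values.

```javascript
// Per-user authorization keyed on the access token's `sub` claim.
// Assumption: `claims` is the payload of a token whose signature, issuer and
// audience were already verified (e.g. by the thread's jwtCheck middleware).
class AuthzError extends Error {
  constructor(status, message) { super(message); this.status = status; }
}

// Return the user_id from verified claims, or throw if the token has no end user.
function userIdFromClaims(claims) {
  const sub = claims && claims.sub;
  if (typeof sub !== 'string' || sub === '') {
    throw new AuthzError(401, 'token has no sub claim');
  }
  // Auth0 client-credentials (machine-to-machine) tokens carry the client as
  // subject ("<client_id>@clients"), so there is no user to own resources.
  if (claims.gty === 'client-credentials' || sub.endsWith('@clients')) {
    throw new AuthzError(403, 'token was issued to an application, not a user');
  }
  return sub;
}

// Hypothetical in-memory todo store; every row records its owner's user_id.
class TodoStore {
  constructor() { this.rows = new Map(); this.nextId = 1; }
  create(claims, text) {
    const owner = userIdFromClaims(claims); // owner comes from the token, never the request body
    const todo = { id: this.nextId++, owner, text };
    this.rows.set(todo.id, todo);
    return todo;
  }
  list(claims) {
    const owner = userIdFromClaims(claims);
    return [...this.rows.values()].filter((t) => t.owner === owner);
  }
  // Lookup shared by update/delete: 404 for a missing row AND for another user's row,
  // so the response does not confirm that someone else's id exists.
  getOwned(claims, id) {
    const owner = userIdFromClaims(claims);
    const todo = this.rows.get(id);
    if (!todo || todo.owner !== owner) throw new AuthzError(404, 'todo not found');
    return todo;
  }
  update(claims, id, text) { const t = this.getOwned(claims, id); t.text = text; return t; }
  remove(claims, id) { this.getOwned(claims, id); return this.rows.delete(id); }
}

// Constructed sample payloads (not real tokens).
const ALICE = { sub: 'auth0|alice-example', aud: 'https://todo-api.example' };
const M2M = { sub: 'EXAMPLECLIENTID@clients', gty: 'client-credentials' };
```

In an Express route the verified payload would be passed in place of `ALICE`, and `AuthzError.status` mapped to the HTTP response code.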