Adding additional claims to access_token (ASP.NET Core 3.1 MVC)

Hi @jorlee,

Thanks for the update!

In this scenario, normally the sub claim would be used to contextually identify the user, but obviously that won’t work for your use case with data stored against email address.

You can add the email address for the user to the access token using a rule:

It’s important to note that by default, Auth0 always enforces namespacing; any custom claims with non-namespaced identifiers will be silently excluded from tokens.

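function(user, context, callback) {
  // Custom claims must be namespaced, otherwise they are dropped from the token.
  const namespace = 'https://your.namespace.com/';
  // Add the user's email address to the access token as a namespaced claim.
  context.accessToken[namespace + 'email'] = user.email;

  // Continue the rule pipeline with the updated context.
  callback(null, user, context);
}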

Your API can then use this claim as part of its operations without needing to make an extra API call to get the user’s email address.

2 Likes
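The following is an added example, not part of the original reply and not Auth0's own code: a variant of the rule above that also emits the profile's `email_verified` flag, paired with an API-side helper that only accepts the namespaced email claim when that flag is true. The names `addEmailClaims`, `emailFromClaims` and `demo`, the extra `email_verified` claim and the sample user are assumptions made for illustration; the helper assumes the token's signature, issuer and audience were already validated by the API's JWT middleware.

```javascript
// Same placeholder namespace as the rule in the reply above.
const NAMESPACE = 'https://your.namespace.com/';

// Rule variant (hypothetical name): writes the email together with its
// verification flag, both namespaced so they are not silently excluded.
function addEmailClaims(user, context, callback) {
  context.accessToken = context.accessToken || {};
  if (user.email) {
    context.accessToken[NAMESPACE + 'email'] = user.email;
    context.accessToken[NAMESPACE + 'email_verified'] =
      user.email_verified === true;
  }
  callback(null, user, context);
}

// API side (hypothetical helper): `claims` is the payload of an access token
// that the JWT middleware has already validated. Returns the email to key
// data on, or null when the claim is missing or unverified.
function emailFromClaims(claims) {
  const email = claims[NAMESPACE + 'email'];
  const verified = claims[NAMESPACE + 'email_verified'];
  // A bare `email` key is ignored on purpose: only the namespaced claim
  // written by the rule is trusted.
  if (typeof email !== 'string' || email.length === 0) return null;
  if (verified !== true) return null;
  return email;
}

// Constructed sample run: rule output merged into a token payload.
function demo() {
  const user = { email: 'jane@example.com', email_verified: true }; // constructed
  const context = { accessToken: {} };
  let result = null;
  addEmailClaims(user, context, (err, u, ctx) => {
    const payload = Object.assign({ sub: 'auth0|constructed' }, ctx.accessToken);
    result = emailFromClaims(payload);
  });
  return result;
}

console.log(demo());
```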