Auth0 Home Blog Docs

Additional user information


#1

is it possible to save additional users information on auth0 end? I need to designate each user with an access type that determines the resources made available to the users.

Any flow guidelines to achieve this?

Currently, I need to do a 3 step flow to finally reach out to my API end points for data.

  1. to hit autho0 Token end points to get the access tokens
  2. use the access tokens to hit an end point in my API to get the user type
  3. then take this user type to hit the actual data end points.

I need to reduce this to 2 step process.

thanks


#2

You can use user metadata (https://auth0.com/docs/metadata), in particular, for this situation the app_metadata seems to be the most suitable as I believe that the access type you mention should not be directly editable by the end-users themselves.

If you’re then requesting an access token for an API you configured at Auth0, then the access token will currently use the JWT format and you can add a custom claim to it containing the user access type. See https://auth0.com/docs/api-auth/tutorials/adoption/scope-custom-claims#custom-claims.


#3

Thank you. Can you tell how to read the app meta data from the token.
I added 2 keys under app meta data under Client from dashboard.
But when the accesstoken is generated, I do not see meta data information in there. Is it possible to show these under the access token. I need to read these keys from my web API.