Am I doing this right?

I’m new to Auth0 (or any similar platform) and I apologize for my very basic question. I’m a bit confused on a concept and I’d like confirmation that I’m understanding this right.

I built a single page app (in vanilla JS) that needs to call an API that I made in order to access some data. I have successfully implemented the login process. I pass the JWT token to my API through the authentication header and my API properly validates and decodes it. Now the only identifier I see on the API-side as part of the JWT payload is the user_id (the “sub” value), but I don’t see the user name, email or any of the other fields I can see client-side using the getUser() function from the library.

My question is: how am I supposed to get the user profile from the API side? I guess I have to make an API call on the API side? I suppose I have just not found the right tutorial. Any pointers would be much appreciated.

Hi @reward72

There are a few ways to approach this:

You can add the desired fields to the access token with an Auth0 rule.

You can pass the ID token along with the access token to your API (and your API must verify that the ID token passed matches the access token).

You can call the management API to get user info.

Each has benefits and drawbacks. I’d suggest starting with adding the fields to the access token to see if that is sufficient.

John

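The first option in the answer above, sketched as an added example (not code from this thread or from Auth0): a rule copies profile fields into namespaced access-token claims, and the API reads them from the payload it has already validated. The namespace URL, the function names and the sample user are assumptions made for illustration.

```javascript
const CLAIM_NS = 'https://example.com/claims/'; // placeholder namespace (assumption)

// Auth0 side: body of a rule. In the dashboard a rule is pasted as a single
// function (user, context, callback), so the namespace is repeated inside it.
function addProfileClaims(user, context, callback) {
  const ns = 'https://example.com/claims/';
  context.accessToken[ns + 'name'] = user.name;
  context.accessToken[ns + 'email'] = user.email;
  context.accessToken[ns + 'email_verified'] = user.email_verified === true;
  callback(null, user, context);
}

// API side: call this only on a payload whose signature, issuer, audience
// and expiry have already been validated.
function profileFromAccessToken(payload) {
  if (!payload || typeof payload.sub !== 'string') {
    throw new Error('access token payload has no sub claim');
  }
  const str = (k) =>
    (typeof payload[CLAIM_NS + k] === 'string' ? payload[CLAIM_NS + k] : null);
  const email = str('email');
  return {
    userId: payload.sub,
    name: str('name'), // null for tokens issued before the rule existed
    email,
    // Only treat the address as identifying when Auth0 marked it verified.
    emailVerified: email !== null && payload[CLAIM_NS + 'email_verified'] === true,
  };
}

// Constructed stand-in for a login: runs the rule against an empty context
// and returns the payload the API would see after validation.
function simulateAccessTokenPayload(user) {
  const context = { accessToken: {} };
  let payload = null;
  addProfileClaims(user, context, (err, u, ctx) => {
    if (err) throw err;
    payload = { sub: u.user_id, ...ctx.accessToken };
  });
  return payload;
}

// Constructed sample user, not real data.
const sample = { user_id: 'auth0|constructed-id', name: 'Sample User',
                 email: 'sample@example.com', email_verified: false };
console.log(profileFromAccessToken(simulateAccessTokenPayload(sample)));
```

Tokens issued before the rule was deployed carry only `sub`, so the API has to tolerate missing claims until those tokens expire.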