Current situation: the user fills in credentials and these are sent to my API. When the credentials are OK, the API sends back a session_token (which is stored by the API with the username). With every call to the API this session_token is sent in the header, so the API knows the username for that call and can do things (e.g. filter data for that user).
Now I want SSO with Auth0. Auth0 returns an access_token which is sent to the API. So the API knows that the user is valid, but it has no clue of the user's identity to filter data.
How do I implement this with Auth0? I'm missing something ;-).
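
One way the API can recover the user's identity from the access token, as an added example that is not part of the original post. It assumes the access_token is a JWT issued for the API and signed with HS256, and that the API keys its data on the token's `sub` claim; the tenant, audience, secret and rows are constructed, and an RS256-signed token would instead be verified against the tenant's published keys with a JWT library.

```python
import base64, hashlib, hmac, json, time

# Constructed values for this example (assumptions, not from the post).
ISSUER = "https://example-tenant.auth0.com/"
AUDIENCE = "https://api.example.com"
SECRET = b"constructed-hs256-signing-secret"

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, secret=SECRET):
    """Build a sample token so the example runs offline (stands in for Auth0)."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def user_from_access_token(token, now=None):
    """Return the verified `sub` claim, or raise ValueError."""
    try:
        head, body, sig = token.split(".")
        expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            raise ValueError("bad signature")
        # Pin the algorithm the API expects; never let the header choose it.
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        claims = json.loads(b64url_decode(body))
    except (ValueError, TypeError, AttributeError) as exc:
        raise ValueError(f"invalid token: {exc}") from None
    aud = claims.get("aud")
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    if not claims.get("sub"):
        raise ValueError("no subject")
    return claims["sub"]

# Constructed data store: each row is keyed by the owner's `sub`.
ROWS = [{"owner": "auth0|alice", "item": "invoice-1"},
        {"owner": "auth0|bob", "item": "invoice-2"}]

def rows_for(token, now=None):
    user = user_from_access_token(token, now)  # identity comes from the token
    return [r["item"] for r in ROWS if r["owner"] == user]
```

The `sub` value plays the role the username played next to the old session_token: the API trusts it only after the signature, issuer, audience and expiry checks pass.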