Auth0 Node (Express) API SDK Quickstarts: Authorization

Hello!
I’m attempting to use the contents of this page to make a secure API for my backend.

I can’t, however, figure out how to tell the user that made the request to the server.
I did manage to pass the user object from useAuth0() into the fetch request, but I’m not sure if that’s the secure way to do it.

Any help is greatly appreciated!
Thanks,
Fisher.

Hi @fishermedders,

Welcome to the Community!

You can use the contents of the JWT to determine the user. The sub claim contains the user ID. See this doc for an example:

You can also exchange the access token for the user’s profile against the /userinfo endpoint:

https://auth0.com/docs/api/authentication#user-profile

If you need more information in your access token, you can add it to the token in a custom claim rule.
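
The reply's suggestion as an added example (not part of the thread and not Auth0 SDK code): the API takes the user ID from the `sub` claim of an access token it has verified, and ignores any user object the client puts in the request body. The issuer, audience, key pair and the `issueToken` helper are constructed stand-ins so the code runs offline; in an Express API the SDK's middleware performs the verification step.

```javascript
const crypto = require('node:crypto');

// Constructed values for this example; a real API uses its own tenant domain and API identifier.
const ISSUER = 'https://example-tenant.invalid/';
const AUDIENCE = 'https://api.example.invalid';
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Hypothetical stand-in for the authorization server: signs an RS256 token locally.
function issueToken(claims) {
  const signingInput = `${b64url({ alg: 'RS256', typ: 'JWT' })}.${b64url(claims)}`;
  const sig = crypto.sign('sha256', Buffer.from(signingInput), privateKey).toString('base64url');
  return `${signingInput}.${sig}`;
}

// Verify signature, algorithm, issuer, audience and expiry; return the claims or throw.
function verifyAccessToken(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (claims.iss !== ISSUER || !aud.includes(AUDIENCE)) throw new Error('wrong issuer or audience');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) throw new Error('expired');
  return claims;
}

// What a route handler should rely on: the user ID from the verified token.
// Anything in req.body (such as a user object sent by the client) is not consulted.
function callerId(req) {
  const match = /^Bearer (.+)$/.exec(req.headers.authorization || '');
  if (!match) throw new Error('missing bearer token');
  return verifyAccessToken(match[1]).sub;
}

// Constructed request: the body claims a different user than the token does.
const token = issueToken({ iss: ISSUER, aud: AUDIENCE, sub: 'auth0|constructed-user-1',
  exp: Math.floor(Date.now() / 1000) + 300 });
const req = { headers: { authorization: `Bearer ${token}` },
  body: { user: { sub: 'auth0|someone-else' } } };
console.log(callerId(req));
```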
