Auth0 scope is not returning profile and email data

srahimeen · January 12, 2023, 3:59am

I’m using Auth0 with a NextJS application using the NextJS SDK and I have the user login set up and working correctly.

I also have an ExpressJS API which I have made an API for in Auth0, and the requests from my NextJS to the ExpressJS API are authenticated and it can get data from it.

In NextJS I have my […auth0].ts set up as:

import { handleAuth, handleLogin } from '@auth0/nextjs-auth0'

export default handleAuth({
    login: handleLogin({
        authorizationParams: {
            audience: process.env.AUTH0_AUDIENCE,
            scope: 'openid profile email offline_access',
        },
    }),
})

And in one of my pages I’m fetching the access token as:

export const getServerSideProps = withPageAuthRequired({
    async getServerSideProps(ctx) {
        const { accessToken } = await getAccessToken(ctx.req, ctx.res)
        console.log(accessToken)

        // code to return props
    },
})

When I decode the jwt on jwt.io, I see the following data:

{
  "iss": "xxx",
  "sub": "xxx",
  "aud": [
    "xxx",
    "xxx"
  ],
  "iat": xxx,
  "exp": xxx,
  "azp": "xxx",
  "scope": "openid profile email offline_access",
  "permissions": []
}

I’ve checked my logged in user’s Raw JSON in the Auth0 dashboard, and they do have the profile and email data.

What do I need to do get the email, nickname, picture, etc. information in my accessToken in NextJS or my ExpressJS API? I need this information to create an entry in my database with the user information.

eric.culley · January 12, 2023, 10:35pm

Hi @srahimeen,

Welcome to the Auth0 Community!

openid, profile, and email are standard OIDC scopes used to request that certain data about the authenticated user is returned to the client application via the id token. This data is then parsed by our SDKs and included in the user object.

Access tokens on the other hand are used to authorize a client application to request a protected resource from an API. They are what’s known as bearer tokens, and don’t contain any identity information about the authenticated user other than the sub claim.

https://oauth.net/2/bearer-tokens/

If your use case requires adding user info to the access token, you can accomplish this by adding custom claims to your access tokens from within a post-login Action. The documentation below shows an example of how you would add a custom claim to an id token, but this can similarly be done with an access token using api.accessToken.setCustomClaim(name, value);.

srahimeen · January 13, 2023, 3:03am

That worked! Thanks for the info!

konrad.sopala · January 26, 2023, 11:55am

We are here for you!

system · February 9, 2023, 11:56am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Nextjs-auth0 read:users not being returning in access token Help	4	2986	December 1, 2021
AccessTokenError: Could not retrieve an access token with scopes "openid profile email" Help jwt , auth0 , api , scopes , access-token	19	11581	May 29, 2021
Nextjs-auth0 /api/auth/me route doesn't return as many details as expected Help auth0 , user-profile , user_metadata , nextjs	5	6533	February 25, 2021
/userinfo not returning profile information, even with correct scopes Help scopes , user-profile	3	4740	March 2, 2018
How can I retrieve Auth0 user data from Auth0 data store and connect to ExpressJS app Help	0	1656	March 20, 2022

Auth0 scope is not returning profile and email data

Related topics