Auth0 scope is not returning profile and email data

I’m using Auth0 with a NextJS application using the NextJS SDK and I have the user login set up and working correctly.

I also have an ExpressJS API which I have made an API for in Auth0, and the requests from my NextJS to the ExpressJS API are authenticated and it can get data from it.

In NextJS I have my [...auth0].ts set up as:

import { handleAuth, handleLogin } from '@auth0/nextjs-auth0'

export default handleAuth({
    login: handleLogin({
        authorizationParams: {
            audience: process.env.AUTH0_AUDIENCE,
            scope: 'openid profile email offline_access',
        },
    }),
})

And in one of my pages I’m fetching the access token as:

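import { getAccessToken, withPageAuthRequired } from '@auth0/nextjs-auth0'

export const getServerSideProps = withPageAuthRequired({
    async getServerSideProps(ctx) {
        const { accessToken } = await getAccessToken(ctx.req, ctx.res)
        // Debug output only: the access token is a bearer credential
        console.log(accessToken)

        // code to return props
    },
})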

When I decode the jwt on jwt.io, I see the following data:

{
  "iss": "xxx",
  "sub": "xxx",
  "aud": [
    "xxx",
    "xxx"
  ],
  "iat": xxx,
  "exp": xxx,
  "azp": "xxx",
  "scope": "openid profile email offline_access",
  "permissions": []
}

I’ve checked my logged in user’s Raw JSON in the Auth0 dashboard, and they do have the profile and email data.

What do I need to do to get the email, nickname, picture, etc. information in my accessToken in NextJS or my ExpressJS API? I need this information to create an entry in my database with the user information.

Hi @srahimeen,

Welcome to the Auth0 Community!

openid, profile, and email are standard OIDC scopes used to request that certain data about the authenticated user is returned to the client application via the id token. This data is then parsed by our SDKs and included in the user object.

Access tokens on the other hand are used to authorize a client application to request a protected resource from an API. They are what’s known as bearer tokens, and don’t contain any identity information about the authenticated user other than the sub claim.

https://oauth.net/2/bearer-tokens/

If your use case requires adding user info to the access token, you can accomplish this by adding custom claims to your access tokens from within a post-login Action. The documentation below shows an example of how you would add a custom claim to an id token, but this can similarly be done with an access token using api.accessToken.setCustomClaim(name, value);.

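The post-login Action described in the reply above, sketched as an added example (not code from the thread or from Auth0's documentation). `NAMESPACE`, `API_AUDIENCE`, and the helpers `addProfileClaims` and `runSample` are assumed names, and the `api` object in `runSample` is a constructed stub standing in for the one Auth0 passes to the Action.

```javascript
// Added example; NAMESPACE and API_AUDIENCE are assumed placeholder values.
const NAMESPACE = 'https://example.com/claims';
const API_AUDIENCE = 'https://api.example.com';

// Copies a minimal set of profile fields into the access token.
// Returns the names of the claims it set so the behaviour can be checked.
function addProfileClaims(event, api) {
  // Only enrich tokens issued for our own API; other audiences get nothing.
  const audience = event.resource_server && event.resource_server.identifier;
  if (audience !== API_AUDIENCE) return [];

  const user = event.user || {};
  const claims = {
    email: user.email,
    email_verified: user.email_verified, // lets the API decide whether to trust the email
    nickname: user.nickname,
    picture: user.picture,
  };
  const set = [];
  for (const [name, value] of Object.entries(claims)) {
    if (value === undefined || value === null) continue; // skip missing attributes
    api.accessToken.setCustomClaim(`${NAMESPACE}/${name}`, value);
    set.push(name);
  }
  return set;
}

// Entry point Auth0 calls for the post-login trigger.
const onExecutePostLogin = async (event, api) => { addProfileClaims(event, api); };
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;

// Constructed sample event and stub api, to show the resulting token claims offline.
function runSample(audience) {
  const token = {};
  const api = { accessToken: { setCustomClaim: (k, v) => { token[k] = v; } } };
  const event = {
    resource_server: { identifier: audience },
    user: { email: 'jane@example.com', email_verified: true, nickname: 'jane' },
  };
  addProfileClaims(event, api);
  return token;
}
```

On the API side the values appear in the token payload under the namespaced keys; read them only after the token's signature, issuer and audience have been validated.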

That worked! Thanks for the info!


We are here for you!
