I’m just getting to grips with Auth0 (very impressed so far!) and have a general question around the best way to get user info.
I have a SPA and an API. I’ve validated via the SPA and send the access_token to my API (NancyFx app). I’ve written some middleware to decode and validate the JWT access_token but I’d like to decorate the internal Identity of the user with email address etc.
What is the best way to handle this? I think there are 3 ways but would like to know if there are any best practices that I’m missing?
- Call /userinfo with the access token to access the user's info.
- Call the management API to get user info.
- Write a custom Rule to add claims (e.g. email address) to the access_token.