Call /user_info vs implementing Rules

mail3 · July 24, 2017, 12:51am

I’m just getting to grips with Auth0 (very impressed so far!) and have a general question around the best way to get user info.

I have a SPA and an API. I’ve validated via the SPA and send the access_token to my API (NancyFx app). I’ve written some middleware to decode and valdiate the JWT access_token but I’d like to decorate the internal Identity of the user with email address etc.

What is the best way to handle this? I think there are 3 ways but would like to know if there are any best practices that I’m missing?

Call /userinfo with the access token to access the usersinfo.
Call the management API to get user info
Write a custom Rule to add claims (e.g. email address) to the access_token.

prashantT · July 29, 2017, 4:19am

Thanks for the positive feedback, glad to hear it’s working out for you.

You’ve pretty much covered the options to do that - see my answer here for an explanation.

Topic		Replies	Views
Get user info from access token without access point /userinfo Help jwt , userinfo , email	7	13155	October 11, 2019
SPA with API (Django) get user information Help api , userinfo , user-profile , user , django	2	4619	August 26, 2019
Best practices for validating access token and getting user info Help management-api , access-token , validation , user-info , id-token	2	6050	December 17, 2018
Authentication API vs Management API for getting logged in user info Help management-api , users	2	122	July 15, 2024
Getting the user_id in our backend API using an access token given from the frontend Help jwt , auth0 , api , rules , access-token	1	4504	April 8, 2021

Call /user_info vs implementing Rules

Related topics