Call /user_info vs implementing Rules

I’m just getting to grips with Auth0 (very impressed so far!) and have a general question around the best way to get user info.

I have a SPA and an API. I’ve validated via the SPA and send the access_token to my API (NancyFx app). I’ve written some middleware to decode and validate the JWT access_token but I’d like to decorate the internal Identity of the user with email address etc.

What is the best way to handle this? I think there are 3 ways but would like to know if there are any best practices that I’m missing?

  • Call /userinfo with the access token to access the user’s info.
  • Call the management API to get user info.
  • Write a custom Rule to add claims (e.g. email address) to the access_token.

Thanks for the positive feedback, glad to hear it’s working out for you.

You’ve pretty much covered the options to do that - see my answer here for an explanation.
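
The third option from the question (a Rule that adds the email to the access_token), sketched as an added example that is not part of the original posts and not Auth0's own code. The Rule uses the `function (user, context, callback)` shape and `context.accessToken`; the namespace URL, the helper names and the sample users are assumptions constructed for illustration.

```javascript
// Assumption: a collision-free namespace for custom claims (placeholder URL).
const NAMESPACE = 'https://example.com/claims/';

// Auth0 Rule: runs at login and copies profile fields into the access token.
function addEmailToAccessToken(user, context, callback) {
  context.accessToken = context.accessToken || {};
  if (user.email) {
    context.accessToken[NAMESPACE + 'email'] = user.email;
    // Publish the verification state too, so the API can decide how far
    // to trust the address.
    context.accessToken[NAMESPACE + 'email_verified'] = user.email_verified === true;
  }
  callback(null, user, context);
}

// API side (hypothetical helper): call only with claims taken from a token
// whose signature, issuer, audience and expiry were already validated.
function decorateIdentity(validatedClaims) {
  const identity = { id: validatedClaims.sub, email: null, emailVerified: false };
  const email = validatedClaims[NAMESPACE + 'email'];
  if (typeof email === 'string' && email.length > 0) {
    identity.email = email;
    identity.emailVerified = validatedClaims[NAMESPACE + 'email_verified'] === true;
  }
  return identity;
}

// Test harness (constructed): runs the Rule the way the login pipeline would
// and returns the claims that would end up in the access token payload.
function simulateLogin(user) {
  let claims;
  addEmailToAccessToken(user, { accessToken: {} }, (err, u, ctx) => {
    if (err) throw err;
    claims = Object.assign({ sub: u.user_id }, ctx.accessToken);
  });
  return claims;
}

// Constructed sample users.
const verified = { user_id: 'auth0|123', email: 'a@example.com', email_verified: true };
const noEmail = { user_id: 'auth0|456' };
console.log(decorateIdentity(simulateLogin(verified)));
console.log(decorateIdentity(simulateLogin(noEmail)));
```

With the claim in the token, the API needs no extra round trip to /userinfo or the management API, at the cost of the email being fixed for the lifetime of the token.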