When a user is authenticated I get all of the profile information such as “nickname” and “email”, but the property “user_metadata” is missing from the user object. I also don’t see a property user_metadata, so when I try to print out “user_metadata” it is undefined. I am overwhelmed by the Rules, Management API, Lock... I am not sure what to use. All I want is to display the address of the user that I have stored in “user_metadata”. Any idea what I should do in this React application after the following code to retrieve this metadata?
const { isAuthenticated, login, logout, user } = useAuth();
console.log(user);
How do I get the metadata that is stored as JSON on the Auth0 site?
The two basic ways of doing this are: 1) adding claims to the user’s ID and / or access token(s) and 2) querying the /userinfo endpoint.
1) requires that you write a Rule. As an example, here is a Rule that adds a fictitious uuid attribute from the user’s app_metadata to their ID token:
2) requires that you get an access token and then call the /userinfo endpoint, requesting whatever user data you are interested in. I think this maybe works only for root profile attributes though.
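The Rule referred to in 1) did not survive on this page. The block below is an added example, not the answerer's own Rule: it adds the fictitious app_metadata.uuid from the answer and, to match the question, user_metadata.address as namespaced custom claims, and includes a small offline harness that calls the Rule the way Auth0 does so it can be run without a tenant. The namespace "https://example.com/" and the sample user are assumptions.

```javascript
// Added example, not the Rule from the original thread. An Auth0 Rule is a
// JavaScript function (user, context, callback) that runs on every login.
// Custom claims must be namespaced with a URL-style prefix or Auth0 drops them;
// "https://example.com/" below is an assumed placeholder, pick your own.
const NAMESPACE = 'https://example.com/';

function addMetadataClaims(user, context, callback) {
  const userMeta = user.user_metadata || {};
  const appMeta = user.app_metadata || {};

  // user_metadata is editable by the user, so treat it as display data only
  // and put it in the ID token, which is meant for the client application.
  if (userMeta.address !== undefined) {
    context.idToken[NAMESPACE + 'address'] = userMeta.address;
  }
  // app_metadata is not user-editable, so it can also go into the access
  // token, where an API is entitled to rely on it.
  if (appMeta.uuid !== undefined) {
    context.idToken[NAMESPACE + 'uuid'] = appMeta.uuid;
    context.accessToken[NAMESPACE + 'uuid'] = appMeta.uuid;
  }
  return callback(null, user, context);
}

// Offline harness that invokes the Rule the way Auth0 would: fresh, empty
// idToken/accessToken claim maps and a callback that receives the result.
function runRule(rule, user) {
  const context = { idToken: {}, accessToken: {} };
  let result = null;
  rule(user, context, (err, u, ctx) => {
    result = { err, user: u, context: ctx };
  });
  return result;
}

// Constructed sample user, shaped like the profile Auth0 passes to a Rule.
const sampleUser = {
  email: 'ada@example.com',
  nickname: 'ada',
  user_metadata: { address: '221B Baker Street, London' },
  app_metadata: { uuid: '3f2c9a40-0b5e-4e7a-8c1e-2d7b6f0a9c11' },
};

// In the React app the claim comes back on the `user` object under its full
// namespaced key, i.e. user['https://example.com/address'], not user.user_metadata.
function addressFromClaims(claims) {
  return claims[NAMESPACE + 'address'];
}

const demo = runRule(addMetadataClaims, sampleUser);
console.log(JSON.stringify(demo.context.idToken, null, 2));
console.log('address for the React page:', addressFromClaims(demo.context.idToken));
```

Two things to keep in mind: the claim is minted at login, so a user who changes their address sees the new value only after the next login, and Auth0 has since deprecated Rules in favour of Actions, where the same step in a post-login Action is `api.idToken.setCustomClaim(NAMESPACE + 'address', event.user.user_metadata.address)`.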
Thank you. For completeness, would you be able to elaborate on 2)? From the documentation it is not entirely clear to me how I get an access token. What do I use as the URL to make the call? What does the response look like? If I call the /userinfo endpoint, I am assuming that the access_token is part of the header information in the request. I tried running this in Postman but I just get some form of access_denied like:
POST /oauth/token HTTP/1.1
I know this sounds like a request for some hand-holding but I don’t know what specific call to make and in what order. Is there some kind of step by step recipe that I can follow?
The UUID thing was just an example. You need to modify the Rule to add the metadata attributes you are interested in to your ID and / or access tokens. I have a couple more simple examples at the link below, but your best bet is the sample Rules that are available in the management console and the examples in the documentation:
You do need an access token to call /userinfo. In your example above, it looks like you are using the client credentials grant type (“grant_type=client_credentials”). You should be using the authorization code grant type instead.
This was what was in the example. I don’t know the possible options for “grant_type”. What is the specific value for “authorization grant type”? I looked at the link and I couldn’t pick out a specific value there either.
Understood. Depending on which example or QuickStart you follow, you may or may not be using the correct grant type for what you are trying to do. Auth0 helps make a lot of this stuff much easier, but it is still important to understand the grant types available and when to use them.
For future-proofing purposes, I strongly recommend using only the “authorization code grant with PKCE” for normal applications and “client credentials” for machine-to-machine applications. These are the only two grant types in the proposed OAuth 2.1 spec.
So again I must be missing the flow. Would you be able to give me a flow for how this proceeds? From my understanding of your post I not only need to get an auth token but now I need to get “client_credentials” to fill in the values for grant_type. Would you be able to elaborate on how this is done?
You need an access token to call /userinfo. You get an access token when you successfully call /authorize. You probably want to use the authorization code flow, or the authorization code flow with PKCE. After you do this, you will have an access token that you can use to call /userinfo.
But to be honest, I would just write a Rule to add the data you are looking for to the user’s ID token. Probably much simpler than trying to call /userinfo yourself.
I’d suggest grabbing the QuickStart for whatever stack you are using and have a look at the code there.
Fair enough. And writing a Rule does work and will get me moving forward. I am pursuing this mainly for completeness. I am having a hard time getting the /userinfo route to work. I will try to see if /authorize works for me. Thanks for your help.
More clarification. The documentation mentions a call to /authorize but in the flow it shows a redirect to an established callback. I would like to make a call to /authorize using something like Postman and get a response back (hopefully that contains the access token). Is there somewhere I can turn to see how to make /authorize call with Postman?
I am trying the Postman collections but it seems like I get some form of “access denied” for all the calls. For instance, when getting an access token this is the log of the request: