Controlling payload for JWT

bkleung89 · December 23, 2017, 5:28am

When using the Auth0 lock widget, I am forced to make it OIDC-compliant in order to specify an audience property. Once I do this, I throw an error whenever I run lock.getUserInfo:

{original: Error: Unsuccessful HTTP response
at Request. (http://localhost:5421/bundle.js:17429:…, statusCode: 401, code: “unauthorized”, description: “invalid credentials”}

If either I can get this method working, or if I can force the payload in my JWT to expose either a username or email, then my problem will be solved. Presently, my JWT exposes a property called “sub” that uniquely identifies a user, but I would prefer an email to be shown…how I might control the properties exposed in the JWT payload?

jmangelo · December 26, 2017, 5:07pm

If you’re doing OIDC compliant authentication then you can request user information through the standard scopes that the specification defines. In particular, if you perform a request with the scope openid email then any ID token issued as part of that transaction will include the email and email_verified claims if the corresponding information is available for the user in question.

In addition to the above you can also add any custom claims through the mechanism explained here.

With regards to calls to /userinfo endpoint have in mind that these require that you provide an access token (not an ID token) suitable to call that endpoint.

Topic		Replies	Views
Auth0 getUserInfo does not return all user data Help userinfo , oidc , oidc-conformant	6	10500	March 2, 2018
Lock Web - Get JWT access token and id token to call API Help token , lock , jwt , api , id_token	8	7220	March 2, 2018
Lock/JWT not returning email/profile. Chicken and egg problem JWT.io lock	4	5690	October 31, 2018
Payload doesn't include all data in the scope Help	3	3999	August 27, 2019
"invalid credentials" calling userinfo Help jwt , api , userinfo	5	4991	June 20, 2020

Controlling payload for JWT

Related topics