Hi, I am integrating Auth0 into the Django Rest Framework, have followed the quickstart tutorial and everything works fine. What I need to do is extend this to obtain data from auth0/userinfo and I am not quite sure where to inject this logic. Ideally I would do it from jwt_get_username_from_payload_handler(), however this function does not receive access to the token (only the payload) and so there is no way to make a request to /userinfo.
Thanks for any insights on this.
from django.contrib.auth import authenticate

def jwt_get_username_from_payload_handler(payload):
    # Map the Auth0 subject (e.g. "auth0|5fe...") to a Django username
    username = payload.get('sub').replace('|', '.')
    authenticate(remote_user=username)
    return username
Good morning @trackers153, I hope you had a great holiday!
The below doc dives into leveraging /userinfo. Please give it a peek and let me know if it helps you on your journey:
https://auth0.com/docs/api/authentication#get-user-info
Thanks for the pointer (which I had seen) but I am not sure how that answers my question. To reiterate, I am able to obtain /userinfo by hand (e.g. CLI), but I don't know how to incorporate that functionality into the REST API framework. The tutorial you have does not cover /userinfo.
As we investigate this to give a deeper working example, what version of Django do you use?
We use v3+ of Django but the quick start guide that you have (using Django v2, I believe) was completely adequate to get things up and running. So not looking for anything based on Django 3 per se, but more of a working example that shows the general mechanics.
Hi, wanted to follow up on this. Alternatively, is there a way to configure Auth0 in such a way as to include the user's email in the authorization token's payload, maybe within the "sub" key?
I don't know the security implications of doing this, but it would save on the extra request to /userinfo.
"sub": "auth0|5fe…"
Thanks for following up on this! Also you should be able to leverage scope to pull the email if you are specifically looking for that resource.
Thanks. While I am able to get it working with the Default App (generic), it doesn't appear to work with my Single Page App. This is what I get back in the payload: "email" is included in the scope, however it isn't included in the payload. Please advise.
{"iss": "https://[host].us.auth0.com/",
 "sub": "auth0|5fe…",
 "aud": ["[audience]",
         "https://[host].us.auth0.com/userinfo"],
 "iat": 1610172450, "exp": 1610258850,
 "azp": "YePX…",
 "scope": "openid email offline_access"}
The access token won't include the email attribute regardless of the scope you specify. It will only do so if you set up a custom rule to populate it, which we don't recommend in this case.
If you want to save an extra request to /userinfo you can issue an ID token by specifying id_token in the response_type (e.g., response_type=token id_token) and retrieve the email attribute from it.
You should always read user profile information such as email address from the ID token or /userinfo, as access tokens are intended for authorization and not authentication. This is why the access token doesn't include such attributes by default.
1 Like
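As an added example (not code from this thread, from Auth0, or from the quickstart), the following framework-agnostic helpers show the two things discussed above: where a DRF authentication class can still reach the raw bearer token in order to call /userinfo (the payload-only handler in the original question never sees it), and the ID-token route the reply recommends, with the email read from the ID token rather than the access token. The function names (get_bearer_token, fetch_userinfo, email_from_id_token), the injected http_get callable, and all sample payload values are assumptions of this example; nothing here touches the network.

```python
# Added example, not code from the thread or from Auth0. Names such as
# get_bearer_token, fetch_userinfo and the injected http_get are assumptions.
import json
from typing import Callable, Dict, Optional, Tuple


def get_bearer_token(authorization_header: Optional[str]) -> Optional[str]:
    """Pull the raw JWT out of 'Authorization: Bearer <token>'.

    This is the value a DRF authentication class sees on the request
    (request.META['HTTP_AUTHORIZATION']). The payload-only
    jwt_get_username_from_payload_handler never receives it, which is why a
    /userinfo call has to happen where the header is still available.
    """
    if not authorization_header:
        return None
    parts = authorization_header.split()
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return None
    return parts[1]


# Injected HTTP function: (url, headers) -> (status_code, body_text).
HttpGet = Callable[[str, Dict[str, str]], Tuple[int, str]]


def fetch_userinfo(domain: str, access_token: str, http_get: HttpGet) -> Dict:
    """GET https://<domain>/userinfo with the caller's own access token.

    http_get is injected so the example runs offline; in a real view you
    would pass a thin wrapper around requests.get. Only the token the client
    presented is forwarded, so the API never needs a client secret or a
    second machine-to-machine token for this lookup.
    """
    url = f"https://{domain}/userinfo"
    status, body = http_get(url, {"Authorization": f"Bearer {access_token}"})
    if status != 200:
        raise PermissionError(f"/userinfo returned HTTP {status}")
    return json.loads(body)


def email_from_id_token(id_payload: Dict, client_id: str) -> str:
    """Read email from an ID token payload after checking its audience.

    Profile claims belong in the ID token (authentication), not the access
    token (authorization); the aud check confirms the ID token was minted for
    this application before its claims are trusted.
    """
    aud = id_payload.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        raise ValueError("ID token audience does not include this client_id")
    email = id_payload.get("email")
    if not email:
        raise ValueError("ID token has no email claim; request scope=openid email")
    return email


def username_from_access_token(access_payload: Dict) -> str:
    """Same mapping as the quickstart handler: 'auth0|abc' -> 'auth0.abc'."""
    return access_payload["sub"].replace("|", ".")


# Constructed sample data mirroring the redacted payload posted in the thread.
ACCESS_PAYLOAD = {
    "iss": "https://example-tenant.us.auth0.com/",
    "sub": "auth0|5fe000000000000000000000",
    "aud": ["https://api.example.test",
            "https://example-tenant.us.auth0.com/userinfo"],
    "scope": "openid email offline_access",  # no email claim, as the reply says
}
ID_PAYLOAD = {
    "iss": "https://example-tenant.us.auth0.com/",
    "sub": "auth0|5fe000000000000000000000",
    "aud": "YePX_example_client_id",  # constructed client id
    "email": "user@example.test",
}


def fake_http_get(url: str, headers: Dict[str, str]) -> Tuple[int, str]:
    """Stand-in for the network: answers only a correctly formed request."""
    ok = url.endswith("/userinfo") and headers.get("Authorization", "").startswith("Bearer ")
    if not ok:
        return 401, "{}"
    return 200, json.dumps({"sub": ID_PAYLOAD["sub"], "email": ID_PAYLOAD["email"]})


if __name__ == "__main__":
    token = get_bearer_token("Bearer eyJ.example.token")
    print(username_from_access_token(ACCESS_PAYLOAD))
    print(fetch_userinfo("example-tenant.us.auth0.com", token, fake_http_get))
    print(email_from_id_token(ID_PAYLOAD, "YePX_example_client_id"))
```

In a DRF deployment these helpers would be called from a custom authentication class (where both the header and the verified payload are in hand), not from the payload handler; the /userinfo result is worth caching per token, since it is a second round trip to the tenant on every request.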
Thanks for the clarification. I guess my original question still stands: what's the recommended way to obtain /userinfo in the context of using Auth0 with the Django Rest Framework? I did additional searching and apparently the library used in the Quickstart (drf-jwt) is no longer maintained and the author (isn't he employed at Auth0?) recommends moving to django-rest-framework-simplejwt. I also found a post from a year ago saying that Auth0 is working on producing this implementation. Has there been any progress made on that?
2 Likes
I'm also stuck on this exact problem.
It's not clear how or where to use the /userinfo endpoint. I was planning to extend the RemoteUserBackend to do this, but we don't have access to the token at that point.
2 Likes
I'm also stuck on this problem; have some of you managed to solve it?
It's not clear at all how to get the email at this point.
We solved the problem using another token from another request; we use:
import json
import requests

url_for_token = "https://DOMAIN/oauth/token"
body_for_token = {
    "client_id": "Uy**********7TE",
    "client_secret": "************",
    "audience": "<DEFAULT AUDIENCE API>",  # API identifier placeholder
    "grant_type": "client_credentials",
}
response = json.loads(requests.post(url_for_token, data=body_for_token).text)
token_for_user = response["access_token"]
Then we use that token to make the request for the user's email.
1 Like
Thanks for sharing that with the rest of community!