Email claim key

Please can I know why the key for claims - email is
https://example.com/email

Hey there!

I’m not sure if I understand what you’re trying to achieve, can you add more context? Thank you!

Hi Konrad.sopala

when token is passed to backend services, we can extract claims from JWT. They look like below

sub: auth0|somehash
aud: null
https://example.com/email: <>
azp: somethingencrypted
scope: scopes
iss: https://your auth0 account/
exp: null
iat: null

So my question is - what is “https://example.com/email”,
It is key for user email, but why that special key, instead of email?

Hi @k-auth0,

Are you using a Rule to add custom claims to the tokens?

2 Likes

Hi @supun AFAIK I did no customization. All I wanted was to identify user from JWT token.

So angular is doing the token generation, and calling endpoint. The spring needs to know who it is from JWT token. None of the keys are added by me
sub: auth0|somehash
aud: null
exp: null
iat: null
…+ everything you see

Hi @k-auth0 ,

Thank you for the response.

Please DM me your tenant name to inspect the configurations internally.

1 Like

Someone created this script

Now I will come back to the basics.

I want to get email from token in the backend spring service. The object I use is of type - AuthenticationJsonWebToken

Do I need to create rule? If yes, is there a proper example.
If rule not needed, then how to identify the user from token in spring backend

@supun you did mention - sample use cases: scopes and claims

but it is too much for me …I won’t do for the sake of doing. In Postman I am specifying scopes.
what should I do in angular application, for the same? do I need to specify token options for every endpoint??

Why is the product so complicated?
why expecting to specify claims , are there nothing like default?? openid, profile, email and any scopes are added only to be passed isn’t? why again explicit?

Traditional AD Example: If a user is added to set of groups in active directory, do user has to specify those groups in every call? No. Then why this parameter - scope=openid%20profile%20email&

Step:
Initiate the authentication flow by sending the user to the authorization URL:

It asks me to configure…ok I selected a machine to machine app

why ngrok is coming - redirect_uri=https://79ff***6cd.ngrok.io&?? Cant I test using postman?

Can I get an answer? This is not asking for customization, but “how to”
Im afraid I can’t use Auth0