User email is shown fine on the client side using context.User.Identity.
However, when I try to get the user email on the API side, I’m completely lost as to how I can do that.
Claims in the User.Identity do not even contain “email” in its scope:
Though this article claims that “email” should be part of the standard claims, it is still not there: Sample Use Cases: Scopes and Claims; in my case it is not there.
Does anyone have an idea what the configuration is missing? I followed all the steps described in the blog.
Hey @Keeper,
I’m not sure about what you are trying to accomplish.
Why do you need the user profile on the API side? I mean, as far as I know, an API shouldn’t use an ID token. Can you elaborate on what your scenario is, please?
At the moment I need to know the email of the user who logged in to create a user profile in the DB on the application side; for sure I need that email address on the API side.
I don’t have many details on your architectural scenario, so I can only make some hypotheses.
I assume you have a client (Blazor WASM client?) and an API (ASP.NET Web API). Your client uses Auth0 to authenticate your users and requests an access token to access your API.
The intended recipient of the ID token issued by Auth0 is your client. As per best practices, you shouldn’t pass it to your API.
If you need the user email on the API side, you can pass it as an argument.
That said, I don’t know why you want to store the user email in your DB, but if you want to use it as a key to identify the user, I’m afraid it is not a good idea. The user email can change and you risk misaligning your data. For this purpose, you should use the sub value from the ID token as your user identifier.
Finally, just for completeness, to get the user email you need to request it explicitly when your users authenticate. In other words, you need to add the email scope in your OpenID Connect configuration. In the data you showed above, I see only openid and profile scopes.
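The approach suggested in the reply above, sketched as an added example that is not code from the thread or from Auth0: an ASP.NET Core minimal API that keys the profile on the `sub` claim of the validated access token and takes the email as a request argument. The authority, audience, route, record types and in-memory store are placeholders chosen for illustration, and the example assumes the access token is a JWT carrying `sub`.

```csharp
// Added example. Authority, audience, route and the in-memory store are placeholders.
using System.Collections.Concurrent;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = "https://YOUR_DOMAIN/";        // placeholder tenant URL
        options.Audience = "https://YOUR_API_IDENTIFIER";  // placeholder API identifier
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Stand-in for the database table, keyed on the token subject.
var profiles = new ConcurrentDictionary<string, UserProfile>();

app.MapPut("/profile", (ClaimsPrincipal user, ProfileRequest body) =>
{
    // The JWT bearer handler maps "sub" to ClaimTypes.NameIdentifier by default;
    // fall back to the raw claim name in case inbound claim mapping is disabled.
    var sub = user.FindFirstValue(ClaimTypes.NameIdentifier) ?? user.FindFirstValue("sub");
    if (string.IsNullOrEmpty(sub)) return Results.Unauthorized();

    if (string.IsNullOrWhiteSpace(body.Email) || !body.Email.Contains('@'))
        return Results.BadRequest("email is required");

    // The email is caller-supplied profile data: store it as a mutable
    // attribute of the record and never use it as the lookup key.
    var profile = profiles.AddOrUpdate(sub,
        _ => new UserProfile(sub, body.Email),
        (_, existing) => existing with { Email = body.Email });
    return Results.Ok(profile);
}).RequireAuthorization();

app.Run();

record ProfileRequest(string Email);
record UserProfile(string Sub, string Email);
```

Because the email arrives as a request argument rather than from the validated token, the API should treat it as unverified input; only `sub` is vouched for by the token signature.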