Express-openid-connext: Intended way to get user data on login


I use express-openid-connect to have Single Sign On for my application. When a user logs in, I want to update the user entry in my application’s database with the data received from the identity provider. It looks like afterCallback is the best place for this, as it’s only called once after login. However, the id_token is only available in its base64 form and I have to decrypt it manually like this:

const tokenSet = new TokenSet({
      id_token: session.id_token,

    const claims =;

Is this the way it’s intended or am I missing something?

Hi @sr258,

Welcome to the Auth0 Community.

You are correct that from afterCallback you’ll need to decode the id token to view it’s claims. You can see an example of this using the jose package in our documentation that I’ve linked below.