Get org_id in Backend Call

klausbreyer · March 4, 2024, 9:19am

Hey there,

I have a SPA with a Go Backend. In the backend I need to know die user id and the org id. It is a pure b2b setting (no personal accounts alongside org accounts)

I am using GitHub - auth0/go-jwt-middleware: A Middleware for Go Programming Language to check for JWTs on HTTP requests to get the claims.
Based on the claims I get the sub for the user id. So far so good. And because of the claims I know that this request is valid.

But how to get the org id? I know that the org id is in the JWT. But I am not sure, if I want to decode the JWT on my own. Is it secure when I do it after I the claims were verified through the middleware validator?

I have read quite some resources and I am on it for days, but maybe I am missing an important concept here?

tyf · March 5, 2024, 1:14am

Hey @klausbreyer!

It’s common practice to decode/inspect claims from a protected backend - There’s actually a fairly straightforward example of this here.

You will just want to update the customClaimsExample struct (and subsequent methods) to use Org_id:

type CustomClaimsExample struct {
	OrgId       string `json:"org_id"`
	ShouldReject bool   `json:"shouldReject,omitempty"`
}

klausbreyer · March 5, 2024, 8:30am

Thank you so much - this was the missing piece!

tyf · March 5, 2024, 8:54pm

Awesome, happy to help!

system · March 19, 2024, 8:55pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.