I am getting an `accessToken` and an `idToken` from `client.login` within my SPA. I want to make a request to my API (resource server) to get user data from my database. However, I need the user's email address or user ID to do so.

This is currently not accessible within an `accessToken`, but it is accessible inside of an `idToken`. In order for me to follow the 'correct' way to do things by sending the `accessToken` in the header and not the `idToken`, I need to somehow extract the `accessToken` from the header on my request in the server and call `client.userInfo` with that.

So, I could just send the `idToken` instead of the `accessToken`, but every page of documentation here says that that is an 'anti-pattern' and that the `idToken` is for the client and the `accessToken` is for the server. I'm trying to do things the right way.

Another option is, could the `accessToken` include the email address? I have added `scope: 'openid profile email'` to my `client.login` request, but it has done nothing except add `scope: 'openid profile email'` to the JWT data (kinda useless).
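One way to do the server side of what the post describes, as an added example that is not part of the original post or of the Auth0 SDK: an Express-style helper that takes the bearer `accessToken` out of the `Authorization` header and calls the standard OIDC `/userinfo` endpoint to obtain `sub` and `email`. The `AUTH0_DOMAIN` placeholder, the injectable `fetchImpl` and the middleware shape are assumptions.

```javascript
// Added example, not from the original post: resource-server side of
// "send the access token, then look up the user". Assumes Node 18+ (global
// fetch). AUTH0_DOMAIN is a placeholder for the tenant domain.
const AUTH0_DOMAIN = 'YOUR_TENANT.auth0.com'; // placeholder, not a real tenant

// Return the raw token from "Authorization: Bearer <token>", or null when the
// header is missing or malformed. Scheme match is case-insensitive and the
// value must be exactly two whitespace-separated parts.
function extractBearerToken(headers) {
  const value = headers['authorization'] || headers['Authorization'];
  if (typeof value !== 'string') return null;
  const parts = value.trim().split(/\s+/);
  if (parts.length !== 2 || parts[0].toLowerCase() !== 'bearer') return null;
  return parts[1];
}

// Exchange an access token for the user's profile (sub, email, ...) at the
// OIDC userinfo endpoint. fetchImpl is injectable so this can be exercised
// offline; in production the default global fetch is used.
async function fetchUserInfo(accessToken, fetchImpl = fetch) {
  const res = await fetchImpl(`https://${AUTH0_DOMAIN}/userinfo`, {
    headers: { Authorization: `Bearer ${accessToken}` },
  });
  if (res.status !== 200) {
    // A 401 here means the token is invalid, expired, issued for a different
    // audience, or was requested without the openid scope.
    throw new Error(`userinfo rejected the token: HTTP ${res.status}`);
  }
  return res.json();
}

// Express-style middleware tying the two together. Rejects the request
// before touching the database when no usable token is present, otherwise
// attaches the profile as req.user for downstream handlers.
function userInfoMiddleware(fetchImpl = fetch) {
  return async (req, res, next) => {
    const token = extractBearerToken(req.headers);
    if (!token) return res.status(401).json({ error: 'missing bearer token' });
    try {
      req.user = await fetchUserInfo(token, fetchImpl);
      next();
    } catch (err) {
      res.status(401).json({ error: err.message });
    }
  };
}
```

Auth0 rate-limits the `/userinfo` endpoint per user, so cache the profile for the token's lifetime or validate the JWT locally and read `sub` from it rather than calling `/userinfo` on every request.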