I can log in, get an access token, pass it to the secured API and the API runs. Great.
But how do I know who has called the API? The access token doesn’t tell me, i.e. I cannot see the user’s email address.
I’ve tried adding a custom action to add the user email to the access token with this code:
```js
exports.onExecutePostLogin = async (event, api) => {
  // This adds the authenticated user's email address to the access token.
  if (event.authorization) {
    const namespace = '';
    // Template literal (backticks) so that ${namespace} is interpolated.
    api.accessToken.setCustomClaim(`${namespace}/claims/email`, event.user.email);
  }
};
```
But it hasn’t worked.
Also thought I could use “Get user info” to get the user details given the access token, before realising I don’t know how to get to the token in the Web Api.
Many forum posts advise about “rules” which are no longer available.
You can also rely on the sub claim included in the access and/or ID token. This is just the user’s ID in Auth0.
You have the right idea adding an email claim via an Action - You should be able to simplify it even further as email is not a restricted claim and can therefore be used directly:
I’ve simplified the action but am not getting the email address.
I’ve updated my Program.cs to read:
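```csharp
// Assumed opening call (Auth0.AspNetCore.Authentication SDK); the snippet as posted starts at the brace below.
builder.Services.AddAuth0WebAppAuthentication(options =>
{
    options.Domain = builder.Configuration["Auth0:Domain"];
    options.ClientId = builder.Configuration["Auth0:ClientId"];
    options.ClientSecret = builder.Configuration["Auth0:ClientSecret"];
    // Request the email scope alongside the standard OIDC scopes.
    options.Scope = "openid profile email";
}).WithAccessToken(options =>
{
    // Audience (API identifier) the access token is requested for.
    options.Audience = "https://localhost:7251";
});
```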
So this should request the email scope…?
What I have noticed on the test page is that if the user is not logged in, an access token is still returned. I don’t understand how that can be. Is it possible I am not requesting an access token for the logged in user? This is how I am requesting it:
Your thinking is exactly correct - This code is using a client credentials flow and therefore the access token returned is considered M2M (i.e. no user involved, just the authorized client). Are you using an Auth0 SDK at all on the web application side of things? I am unfortunately not a .NET expert, but the gist of it is outlined here in the ASP.NET Core SDK example.
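The diagnosis in the last reply can be checked by looking at the token itself. The following is an added example, not code from any poster in this thread: it decodes an access token's payload and reports whether it is a client-credentials (M2M) token or a user token carrying the email claim. It assumes Auth0's usual M2M token shape (`gty` of `client-credentials`, `sub` ending in `@clients`); the claim name `https://example.test/claims/email` and the sample tokens are constructed placeholders.

```javascript
// Added example: diagnostic only. It decodes the JWT payload WITHOUT verifying
// the signature, so it must never be used for authorization decisions in the API.
const EMAIL_CLAIM = 'https://example.test/claims/email'; // hypothetical namespaced claim

// Decode the middle (payload) segment of a compact JWT.
function decodePayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Classify the token by the grant that produced it and pull out the caller identity.
function describeToken(jwt) {
  const p = decodePayload(jwt);
  const sub = typeof p.sub === 'string' ? p.sub : '';
  // Assumption: M2M tokens carry gty=client-credentials and sub "<client_id>@clients".
  const m2m = p.gty === 'client-credentials' || sub.endsWith('@clients');
  return {
    kind: m2m ? 'm2m' : 'user',
    sub,
    // No user is involved in an M2M token, so there is no email to report.
    email: m2m ? null : (p[EMAIL_CLAIM] ?? null),
  };
}

// Build constructed sample tokens; the signature segment is a fake placeholder.
function makeSample(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(payload)}.constructed-signature`;
}

const m2mToken = makeSample({
  sub: 'constructedClientId@clients',
  gty: 'client-credentials',
  aud: 'https://localhost:7251',
});
const userToken = makeSample({
  sub: 'auth0|constructed-user-id',
  aud: 'https://localhost:7251',
  [EMAIL_CLAIM]: 'user@example.test',
});

console.log(describeToken(m2mToken));  // kind "m2m", email null
console.log(describeToken(userToken)); // kind "user", email "user@example.test"
```

A result of `m2m` means the token was obtained with the application's own credentials, which is why a token is returned even when nobody is logged in.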