However, I now need to access user_metadata and app_metadata so from what I can tell that requires accessing the Management API.
Does the spa-js not have a way of doing this natively? Do I need to redo my application auth to use NodeJS apis instead? I feel like if there’s a way to do it, it would be in the getUser function.
Looking at this page, it seems like I have to make a post every time I need to get this token?
Is this really going to generate a new token every time someone hits the page?
I’m using Angular and it is getting really frustrating because it seems like this is all node based and not actually SPA based. Do I need to redo my application’s authentication in order to work with Auth0? I want to use the auth0-spa-js because it seems like that’s what it’s written for.
This seems like a serious hurdle to overcome if I have to implement my own node api backend for these types of calls.
I’ve gone down the same rabbit hole of Auth0 docs with no end in sight. I don’t know why the user_meta and app_meta don’t come down in the getUser method but I can’t find a way to get it using the SPA SDK.
Any help from someone at Auth0 would be super helpful! Currently having to store partial records in our own DB so we could launch and it’s a pain.
It’s important to understand the difference between app_metadata and user_metadata as described here.
That said, it is possible for an end user to request an access token that is valid for the Auth0 Management API from within a SPA, however, that comes with limited scopes, i.e. you can only request user_metadata of your own user but not app_metadata, and obviously also no information about other users.
Therefore, two approaches, the first one being the easiest imo:
Option: Create a rule and add the info as custom claims into the ID token.
Option (but unnecessarily more complex): Request an access token for the Auth0 management API (via respective audience option parameter in the request), with the value of https://YOUR_TENANT.auth0.com/api/v2/, which can be used to request user information.
This may sound kind of over the top, but with everything else going on in the world right now you reaching out with help means a lot more than you might imagine.
I’m going to check out writing a rule like you suggested in the next day and hopefully it will get me to where I need to be.
I just got this working without any significant changes on a Vue SPA (@auth0/auth0-spa-js). Just have to create a rule that copies the metadata to the idToken. This was helpful: Sample Use Cases: Scopes and Claims
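
The rule approach from the answer above, which the last reply also used, as an added example that is not code from the thread or from Auth0: it copies user_metadata and an allowlisted subset of app_metadata into namespaced ID token claims, because everything in the ID token is readable by the SPA. The namespace URL, the allowlisted keys and the sample user are assumptions.

```javascript
// Auth0 Rule: runs server-side in the login pipeline with (user, context, callback).
// Paste the function into a new rule; in the dashboard the name is optional.
function addMetadataToIdToken(user, context, callback) {
  // Assumption: a namespace URL you control. Custom claims must be namespaced.
  const NAMESPACE = 'https://example.com/';
  // Assumption: the only app_metadata keys that are safe to show the client.
  const APP_METADATA_ALLOWLIST = ['roles', 'plan'];

  const userMeta = user.user_metadata || {};
  const appMeta = user.app_metadata || {};

  // app_metadata can hold data the user should not see, so copy by allowlist
  // instead of exposing the whole object in a browser-readable token.
  const exposedAppMeta = {};
  for (const key of APP_METADATA_ALLOWLIST) {
    if (Object.prototype.hasOwnProperty.call(appMeta, key)) {
      exposedAppMeta[key] = appMeta[key];
    }
  }

  context.idToken = context.idToken || {};
  context.idToken[NAMESPACE + 'user_metadata'] = userMeta;
  context.idToken[NAMESPACE + 'app_metadata'] = exposedAppMeta;

  callback(null, user, context);
}

// Local harness (not part of the rule): run it against a user object and
// return the claims that would be added to the ID token.
function runRule(user) {
  let idToken;
  addMetadataToIdToken(user, { idToken: {} }, (err, _user, ctx) => {
    if (err) throw err;
    idToken = ctx.idToken;
  });
  return idToken;
}

// Constructed sample user, for illustration only.
const sampleUser = {
  user_metadata: { theme: 'dark' },
  app_metadata: { roles: ['editor'], plan: 'pro', internal_notes: 'do not expose' }
};

console.log(JSON.stringify(runRule(sampleUser), null, 2));
```

In the SPA the claims arrive in the ID token the SDK already holds, under the namespaced keys, so no Management API call is needed.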