Getting user_metadata with auth0-spa-js?

mathiasconradt · March 24, 2020, 6:04pm

it’s important to understand the difference between app_metadata and user_metadata as described here.

That said, it is possible for an end user to request an access token that is valid for the Auth0 Management API from within a SPA, however, that comes with limited scopes, i.e. you can only request user_metadata of your own user but not app_metadata, and obviously also no information about other users.

Therefore, two approaches, the first one being the easiest imo:

Option: Create a rule and add the info as custom claims into the ID token.
Option (but unnecessary more complex): Request an access token for the Auth0 management API (via respective audience option parameter in the request), with the value of https://YOUR_TENANT.auth0.com/api/v2/, which can be used to request user information.

Topic		Replies	Views
Include roles in /api/v2/users? Get Help api	2	3748	May 8, 2020
Using Management API from a Login of a SPA Get Help auth0 , api , login	3	2829	May 12, 2021
Help understanding the use of Management API Get Help	5	5855	June 25, 2019
Confusion as how to get user roles from Angular SPA Get Help auth0 , roles , auth0-spa-js	2	7609	August 11, 2020
SPA+API+User Profiles - Confused Get Help	2	3554	July 25, 2019

Getting user_metadata with auth0-spa-js?

Related topics