Hi,
I was wondering whether it is possible with Auth0 APIs to get a new token with user information in it.
Currently we have an API.net web application that uses the Lock login screen hosted by Auth0 that a user uses to log in.
After login, a JWT token is retrieved and we get the user info. However we need a JWT token for that user to authenticate on the other API (not third-party), without entering the email and password again.
And even more: it should be possible to add some sort of additional metadata in that token. The metadata (or claims) will contain specific permissions that the user might have on the other API. Scopes are not sufficient as we need to add IDs of resources to the token.
E.g.
{
  "given_name": "John",
  "family_name": "Doe",
  "custom_access_to_countries": [ "nl", "de", "be" ]
}
The API should then let the user access all countries that are in that custom claim.
Thank you,
Mathijs
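
The receiving API's side of the requirement above, as an added example that is not part of the original post: it verifies the token and only then grants access per country from the `custom_access_to_countries` claim, denying by default. The HS256 shared secret, the audience value and all function names are assumptions made so the sketch runs with the standard library only.

```python
import base64, hashlib, hmac, json, time
CLAIM = "custom_access_to_countries"  # claim name taken from the post

def _enc(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue_test_token(claims: dict, key: bytes) -> str:
    """Stand-in for the issuer: builds a constructed HS256 token for the demo."""
    head = _enc(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _enc(json.dumps(claims).encode())
    return f"{head}.{body}.{_enc(_mac(key, head + '.' + body))}"

def verify(token: str, key: bytes, audience: str, now: float) -> dict:
    """Return the claims, or raise PermissionError if any check fails."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_dec(head)).get("alg") != "HS256":  # pin alg, ignore header's wish
            raise ValueError("unexpected alg")
        if not hmac.compare_digest(_mac(key, head + "." + body), _dec(sig)):
            raise ValueError("bad signature")
        claims = json.loads(_dec(body))
        aud = claims.get("aud")
        if audience not in (aud if isinstance(aud, list) else [aud]):
            raise ValueError("wrong audience")
        if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
            raise ValueError("expired")
    except (ValueError, AttributeError, TypeError) as exc:
        raise PermissionError(f"token rejected: {exc}") from None
    return claims

def allowed_countries(claims: dict) -> frozenset:
    """Deny by default: only a JSON array of two-letter strings grants access."""
    value = claims.get(CLAIM)
    if not isinstance(value, list):  # a string like "nlde" must not match "de"
        return frozenset()
    return frozenset(c.lower() for c in value if isinstance(c, str) and len(c) == 2)

def can_access(token: str, key: bytes, audience: str, country: str, now=None) -> bool:
    try:
        claims = verify(token, key, audience, time.time() if now is None else now)
    except PermissionError:
        return False
    return country.lower() in allowed_countries(claims)
```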