I have a front-end web app and a backend API. On the backend API, I want to get the current user's email.
Currently, on the web app, I have an Access_Token and an Id_Token.
The Access_Token is what I need to authenticate for the API, but it does not have the user info that I need (email).
The Id_Token can be decrypted to get the user's email.
Here is the functionality that I want: if someone hits GET /friends, my API will only fetch the friends for the currently authenticated user.
What is the best way to do this? The options I thought of so far:
- Send both the Access_Token and Id_Token to the API, and decrypt the Id_Token for the user data
- Send only the Access_Token, then use the Access_Token on the API to request a new Id_Token from Auth0
- On the web app, decrypt the Access_Token, add the email to it, then encrypt
Thanks in advance for any help!