I need a bit of assistance…
I am trying to decode the idToken returned from auth0.webAuth.authorize() using the react-native-auth0 SDK as I have included some custom claims via a Login Action Flow (external user ID and token for 3rd party API).
This is the function that I am calling in my React Native app to log the user in:
What I would like to do is decode the idToken after authorising, then store the custom claims externalId and externalToken alongside the user's Auth0 token using my storeTokens() function (react-native-encrypted-storage library).
I am a bit of a coding novice so please go easy on me
This is my Login Action for reference, makePostRequestAsync() calls my API with event.user data, creates a user if one doesn’t exist and returns drftid and drfttoken to be added to login claims plus stored in Auth0 app_metadata:
As for your Post-Login Action, I noticed that it still needs a namespace to append your custom claims. In this case, you will need to create a namespaced custom claim, which can be any non-Auth0 HTTP or HTTPS URL as the namespace identifier.
However, be mindful that Auth0 domains cannot be used as a namespace identifier, which includes
Thank you @rueben.tiow I will give that a go in my React Native project now, is there any benefit to using one of the JWT.io libraries over another? I found jwt-decode - npm (npmjs.com) which looks like it's pretty easy to use!
In the meantime though I quickly took a look at my React web project and noticed that const { user } = useAuth0(); object from the auth0/auth0-react SDK returns the claims successfully… don’t suppose you could save me a lot of Googling and help me extract them from the object - the namespace is not playing nicely when trying to set a const?
I have just tried that jwt-decode package in my React Native app and I can successfully access the custom id and token claims there too now - thank you for all of your help!
Next on my list is to try and replicate the React isAuthenticated and isLoading states that come with the auth0-react useAuth0 hook in React Native so if a person force closes an app and opens it again they aren’t sent back to the logged out page - as far as I am aware, the react-native-auth0 SDK does not have these… is that right @rueben.tiow?
Thank you for the updates and I’m glad you were successfully able to decode the token in your app!
That is correct. The react-native-auth0 SDK only performs the authorization code flow with PKCE.
As mentioned in this issue, it is generally recommended and best practice to keep the user’s access token stored securely and use it while it’s valid (unexpired/unrevoked) to determine if the user’s session is active. If it becomes invalid, you have the option of renewing the session by requesting a new access token using a previously obtained refresh token.
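An added example, not part of the original thread and not Auth0 SDK code: reading namespaced custom claims from a decoded ID token payload with bracket notation, and an `exp` check of the kind described above for deciding whether a stored token is still usable on app start. The namespace `https://example.com/`, the helper names and the sample token are assumptions constructed for illustration; the claim names follow the `externalId` and `externalToken` used in the question, and `Buffer` assumes a Node.js runtime.

```javascript
// Hypothetical namespace; use the one configured in your Post-Login Action.
const NAMESPACE = 'https://example.com/';

// Decode the payload segment of a compact JWT.
// This only parses the token; it does NOT verify the signature, so treat the
// result as display/routing data, never as proof of identity on a server.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a three-part compact JWT');
  const json = Buffer.from(parts[1], 'base64url').toString('utf8');
  const payload = JSON.parse(json);
  if (payload === null || typeof payload !== 'object' || Array.isArray(payload)) {
    throw new Error('JWT payload is not a JSON object');
  }
  return payload;
}

// Namespaced claim names contain ":" and "/", so they are not valid
// identifiers: user.https://... and plain destructuring cannot work.
// Bracket notation with the full claim name does.
function readCustomClaims(payload, namespace = NAMESPACE) {
  return {
    externalId: payload[`${namespace}externalId`],
    externalToken: payload[`${namespace}externalToken`],
  };
}

// True while the token's exp (seconds since epoch) is still in the future,
// with a small leeway. A local exp check cannot detect revocation.
function isUnexpired(payload, nowSeconds = Math.floor(Date.now() / 1000), leewaySeconds = 30) {
  return typeof payload.exp === 'number' && payload.exp - leewaySeconds > nowSeconds;
}

// Constructed sample token (fake signature) so the example runs offline.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

const sample = makeSampleToken({
  sub: 'auth0|constructed-user',
  exp: 2000,
  [`${NAMESPACE}externalId`]: 'ext-42',
  [`${NAMESPACE}externalToken`]: 'constructed-token',
});
console.log(readCustomClaims(decodeJwtPayload(sample)));
```

The same bracket access applies to the `user` object returned by `useAuth0()` in the web project, since it exposes the claims under their full namespaced names.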