I’ve been reading many posts and tutorials (thanks for the effort, they are great!), but I didn’t found any single one that said: If you want to get/set app_metadata and user_metadata, without breaking the OIDC standard, this is how it’s done.
Because many of the tutorials/answers solutions was to break the OIDC compliance using rules, like if there is no other way…
My context is: I have a SPA in Angular and a Lambda backend of nodejs functions.
And the simple question is: How can I get the app_metadata and the user metadata in the backend without breaking the OIDC standard?
I guess it should be done using the management API, but again, it’s not clear to me how to create an API the right way.