How to get more metadata in JWT using Auth0.js v8?

David_Ascher · May 26, 2017, 11:14am

I had been happily using Lock and v7 and getting various metadata (user_metadata, app_medatada, etc.) in the JWT token from my SPA to my API endpoint.

I’m moving to using Auth0.js and v8, which isn’t going well. I understand that even for apps that aren’t marked OIDC compliant, only OIDC scopes are encoded in the JWT.

I don’t understand what the workarounds for this new limitation are. I suppose I could build serverside logic to get the user profile, but that will slow things down and add auth0 complexity on the server endpoint which I’d rather not have.

I read on various bugs and tickets that it’s also possible to do so with rules. Any pointers as to how to do that? My feeble attemp:

function (user, context, callback) {
  user.user_metadata = user.user_metadata || {};
  user.app_metadata = user.app_metadata || {};
  user.drink = "lemonade";
  user.sport = "soccer";
  callback(null, user, context);
}

isn’t working because it seems user.user_metadata is null by the time it gets to this function.

There’s also been suggestions to use loginWithResourceOwner, but that isn’t documented AFAICT and appears to be on the path to deprecation.

Any help appreciated.

prashantT · May 26, 2017, 11:18am

Please read through the following document which outlines how to add custom claims to the id_token or access_token: OpenID Connect Scopes

David_Ascher · May 26, 2017, 12:56pm

Thanks for this link, it seems almost useful.

I’ve created and enabled a rule based on this, but I don’t understand how to capture the stuff that is normally in the profile. A line like:

context.idToken[namespace + 'app_meta_data'] = user. app_metadata

doesn’t work because the user object is stripped of attributes like app_metadata before it gets passed to the function, as far as I can tell.

prashantT · May 29, 2017, 5:11am

Metadata should be present in the user object in Rules. Could you please try adding a console.log statement at the beginning of the Rule, and monitor the output using the Realtime Webtask logs extension.

console.log(JSON.stringify(user));

Please let me know whether you can see user_metadata and app_metadata in the user profile.

David_Ascher · May 29, 2017, 6:05am

Hmm, I do indeed see user_metadata and app_metadata there. Will dig in more. Thank for the debugging advice.

Topic		Replies	Views
Enable user_metadata and app_metadata on JWT token JWT.io app_metadata , user_metadata	6	13154	August 19, 2019
Adding metadata to jwt token Help jwt , rules , user-metadata	4	19591	September 30, 2020
Extract user_metadata & app_metadata Help jwt	4	2577	October 28, 2021
Unable to get user_metadata or app_metadata or any custom scope Help apis , application	0	311	February 24, 2024
How to get app_metadata and user_metadata THE RIGHT WAY Help jwt , auth0 , login , access-token	2	17301	October 21, 2019

How to get more metadata in JWT using Auth0.js v8?

Related topics