I had been happily using Lock and v7 and getting various metadata (user_metadata, app_medatada, etc.) in the JWT token from my SPA to my API endpoint.
I’m moving to using Auth0.js and v8, which isn’t going well. I understand that even for apps that aren’t marked OIDC compliant, only OIDC scopes are encoded in the JWT.
I don’t understand what the workarounds for this new limitation are. I suppose I could build serverside logic to get the user profile, but that will slow things down and add auth0 complexity on the server endpoint which I’d rather not have.
I read on various bugs and tickets that it’s also possible to do so with rules. Any pointers as to how to do that? My feeble attemp:
function (user, context, callback) {
user.user_metadata = user.user_metadata || {};
user.app_metadata = user.app_metadata || {};
user.drink = "lemonade";
user.sport = "soccer";
callback(null, user, context);
}
isn’t working because it seems user.user_metadata is null by the time it gets to this function.
There’s also been suggestions to use loginWithResourceOwner
, but that isn’t documented AFAICT and appears to be on the path to deprecation.
Any help appreciated.