How to get user meta from /userinfo endpoint?

Hey everyone,

I’m trying to work out how to get user meta data as part of the profile returned by /userinfo.

This article alludes to it being possible but IMO does a pretty poor job of explaining the steps.

It says:

You can also use the GET /userinfo endpoint to get a user’s user_metadata, however, you must first write a Rule to copy user_metadata properties to the ID token.

That last sentence could definitely do with some elaboration. In any case, I went to Rules, created a rule from the “Move user metadata attributes to profile root attributes” template. I saved it. But I still don’t get user meta returned in the profile.

The same article also says:

Use the Auth0 Dashboard to configure application metadata which contains key/value pairs. To learn more, read Configure Application Metadata.

…suggesting (or at least I inferred) that it’s possible to instruct the application to pull in user meta via the Dashboard > Applications area. But again there’s no elaboration here.

What’s the best way to pull in user meta to the profile response from /userinfo?

Many thanks in advance for any help.

Hey again @kkrp1 !

I would use a post-login Action to add custom meta_data claims to tokens instead - I just verified the following works:

exports.onExecutePostLogin = async (event, api) => {
  const namespace = 'https://my-app.example.com';
  if (event.authorization) {
    api.idToken.setCustomClaim(`${namespace}/user_metadata`, event.user.user_metadata);
    api.idToken.setCustomClaim(`${namespace}/app_metadata`, event.client.metadata);
  }
};

Some more on custom claims in general:

Hope this helps!

Thanks for this! That works. Am I right that this should expose the meta data to the user info endpoint, rather than include the user meta directly within the JWT? That latter point would be great, as it would mean I don’t have to make an API call to Auth0 at all, but perhaps that’s not the done thing and again suggests my ignorance of JWT general practice!

No problem!

Yes, if you have the action code above configured to run on login then the metadata should be available in both the token(s) as well as userinfo.

Right, thanks. Is it possible (and this is probably my JWT noobness talking) to get the user meta added directly to the JWT, so I don’t even have to make the call to /userinfo?

That’s exactly what the code referenced above does - It adds existing user/app metadata as custom claims to tokens. Therefore you can get this directly from the jwt itself:

Hmm, that’s not my experience currently. What the code you provided did do was make the user meta suddenly available within the response to /userinfo. The JWT itself does not contain any meta data, so far as I can see.

To be clear, here’s what I’m doing.

	(async () => {

		//get client
		const auth0Client = await auth0.createAuth0Client({
			domain: '******',
			clientId: '******',
			cacheLocation: 'localstorage',
			authorizationParams: {
				redirect_uri: window.location.origin,
				audience: '******'
			}
		})

		//on login callback, strip out A0 QS params
		if (location.search.includes('state=') && (
			location.search.includes('code=') || 
			location.search.includes('error='))
		) {
			await auth0Client.handleRedirectCallback();
			window.history.replaceState({}, document.title, '/');
		}

		//logged in? Get auth token
		const isAuthenticated = await auth0Client.isAuthenticated();
		let token;
		if (isAuthenticated) token = await auth0Client.getTokenSilently({aud: '******'});

		//...

	})();

This produces a JWT which, when run through jwt.io, contains the below. Notice it doesn’t have the user meta in the payload, which is what I’m asking and I believe your previous reply said should be there.

The user meta doesn’t show up until I then use that token to call getUser(), which of course involves an API request to Auth0.
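
Added example, not part of the thread or Auth0's own code: the Action posted above calls only `api.idToken.setCustomClaim`, so the namespaced claims land in the ID token, whereas `getTokenSilently()` returns the access token. The sketch below decodes one constructed, unsigned sample of each token (function names are hypothetical) without verifying them and lists which one carries the claims.

```javascript
// Namespace from the Action in the thread; the tokens below are constructed samples.
const NAMESPACE = 'https://my-app.example.com';

// Decode a compact JWT's payload. No signature check: debugging only,
// never a basis for authorization decisions.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('expected 3 dot-separated segments');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Collect custom claims under the namespace, keyed by their short name.
function namespacedClaims(jwt, namespace = NAMESPACE) {
  const prefix = `${namespace}/`;
  const found = {};
  for (const [key, value] of Object.entries(decodeJwtPayload(jwt))) {
    if (key.startsWith(prefix)) found[key.slice(prefix.length)] = value;
  }
  return found;
}

// Build an unsigned sample token (hypothetical helper, placeholder signature).
function sampleToken(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(payload)}.sig`;
}

// What the posted Action produces: claims set on the ID token only.
const idToken = sampleToken({
  sub: 'auth0|constructed-user',
  aud: 'constructed-client-id',
  [`${NAMESPACE}/user_metadata`]: { plan: 'pro' },
  [`${NAMESPACE}/app_metadata`]: { tier: 'beta' },
});
// What getTokenSilently() hands back: an access token for the API audience.
const accessToken = sampleToken({
  sub: 'auth0|constructed-user',
  aud: 'https://api.example.test',
  scope: 'openid profile',
});

console.log('ID token:    ', namespacedClaims(idToken));
console.log('access token:', namespacedClaims(accessToken));
```

Setting the same claims with `api.accessToken.setCustomClaim` in the Action puts them in the access token as well. An API receiving that token must still verify its signature before trusting any claim in it.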