How to Retrieve Username with Auth0-spa-js

I have turned on “Requires Username” toggle inside of my database connection. When I sign up, I see the username property, so that part works. However, when I call auth0.getUser() it doesn’t include the username property. So, how do I get it :slight_smile:

1 Like

Hey there James! :slight_smile:

I think this will be most effectively handled by reaching out directly to repo maintainers or through GitHub issue.

username isn’t a standard OIDC claim (section 5.1 https://openid.net/specs/openid-connect-core-1_0.html) so I believe it should be added via Rule to the ID token as custom claim.

function (user, context, callback) { 
  context.idToken['https://mynamespace/username'] = user.username; 
  callback(null, user, context);  
}

Alternatively, set it as preferred_username in a pre-user-registration hook, which is a standard claim, and request the preferred_username scope when doing the authorization request.

2 Likes

Thanks Mathias for sharing that!

1 Like

Ok great this gives me a good reason to try out a custom rule :slight_smile: One question. I understand we are adding the key/value pair of username to the idToken, but why is the key prefixed with “https://mynamespace”? Why is it not just “username”?

Reason for the required namespace is to avoid conflicts with OIDC standard claims.

See https://auth0.com/docs/tokens/guides/create-namespaced-custom-claims

By default, Auth0 always enforces namespacing; any custom claims with non-namespaced identifiers will be silently excluded from tokens.

We do allow non-OIDC claims without a namespace for legacy tenants using a non-OIDC-conformant pipeline with the Legacy User Profile enabled, but we strongly recommend that legacy tenants migrate to an OIDC-conformant flow.

Hmm, ya I just came across that. This adds a sub-optimal experience on the frontend. As I extract properties of the ID token, i wouldn’t want to reference it with that long of a string. Certainly works, but have you had any complaints about the developer experience of that?

I’m personally not aware of any complaints; I guess it depends on the libraries and SDKs you’re using to deal with tokens and extracting claims; maybe add a helper method in between that strips of the long string of a parsed token.

1 Like

Ya, adding a helper method makes sense. Anyways, this was super helpful. Thanks for all of your help!

2 Likes

Which is the best field to keep in the apps database? How can I get user_id?

Hi @ameliaclarkson291

welcome to the community.

Is your question related to the thread above? I don’t see the connection there. Also, the question isn’t very clear.

How can I get user_id?

From the client application via API? From within a Rule, or from with a token / JWT?

Which is the best field to keep in the apps database?

I guess that’s a database on your end? You’re generally free to choose any data schema you like.

But as said, the questions aren’t very clear to me. Maybe you can add some additional context for clarification. Thanks.

@ameliaclarkson291 please open a separate topic for your question as it isn’t connected with this one and please do provide us with more context. Thanks!