Issue with user information after updating Auth0 Java libraries

anders.johansson · May 26, 2017, 8:51pm

Hi there.

i have been using
auth0-spring-security-api, version: 0.3.2
together with
auth0, version: 0.4.0

In my java backend i have been using the following lines of code to access the id_token and call method to access the user name

Authentication auth = SecurityContextHolder.getContext().getAuthentication();
String userName = auth0Client.getUsername((Auth0JWTToken) auth);

getUser name looks like this:

public String getUsername(Auth0JWTToken token) {
final Request<UserProfile> request = client.tokenInfo(token.getJwt());
final UserProfile profile = request.execute();
return profile.getEmail();

when i uppdate to
auth0-spring-security-api, version: 1.0.0-rc.2
together with
auth0, version: 1.1.0

the method i have been using is not valid can some one help me?
i have been trying to access the email with the following snippets

Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    	String userName = auth0Client.getUsername(auth.getCredentials().toString());

and

public String getUsername(String token) {
    	Request<UserInfo> request = auth0.userInfo(token);
    	String email;
    	try {
    	    UserInfo info = request.execute();
    	    System.out.println(info.toString());
    	} catch (APIException exception) {
    		System.out.println(exception.toString());
    	} catch (Auth0Exception exception) {
    		System.out.println(exception.toString());
    	}
        return email;
    }

but it gives me a 400 or a 401 error. any suggestions on whats going wrong or how i can do it different?

jmangelo · May 29, 2017, 9:08pm

The previous version was using the tokenInfo method which maps to a specific endpoint that receives an ID token. The updated code now uses userInfo method which maps to the /userinfo endpoint specified as part of OpenID Connect.

The /userinfo endpoint needs to be called with an appropriate access token instead of an ID token. It’s likely that you’re still trying to pass the same token (ID token) as you were passing to the previous method and as such this will result in a failed request.

anders.johansson · May 30, 2017, 12:00am

ok so i have to get an access token sent from the frontend code or is ther a way in the java libary to request access_token from id_token?

jmangelo · May 31, 2017, 6:25pm

It depends on exact characteristics of your application. In general, it’s not recommended to send ID tokens to an API as authorization mechanism so if you’re doing that you may need to consider bigger changes.

anders.johansson · June 2, 2017, 11:11am

Thanks. we swapped the old id_token for access_token so now i have no problem with geting the user information from serverside but i have also implemented the spring security api and before i was able to use the
.authorizeRequests() to make sure that the client that made the request was authorized but that don’t seem to work now any suggestions on what’s going wrong there?

Topic		Replies	Views
Isue with auth0-java calling the userinfo endpoint Help auth0-java	2	5119	March 2, 2018
Spring Auth0 getting "401 unauthorized" Help token , api , spring	4	9992	August 9, 2019
How to get user info after validating JWT token? Help jwt , auth0	3	5029	June 10, 2020
Confusion on /userinfo vs. /api/v2/users/{id} apis Help management-api , users	6	1272	September 14, 2023
User info from a Acess Token Help	4	2673	February 14, 2020

Issue with user information after updating Auth0 Java libraries

Related Topics