Lock/JWT not returning email/profile. Chicken and egg problem

I am using Lock v11 to authenticate in my SPA. In order to authenticate against my API backend, I need a JWT. In order to get a JWT returned instead of an opaque token, I need to set the audience to the URL of an API from the Auth0 dashboard. The JWT does not return the email or profile, even when set in the scope. Later on, calling https://myclient.auth0.com/userinfo fails (401) because https://myclient.auth0.com is not set as the audience. If I set the audience to https://myclient.auth0.com then I get a returned opaque token instead of a JWT.

const options = {
  auth: {
    audience: 'https://url.to/myapi',
    responseType: 'token id_token',
    params: {
      scope: 'openid email profile'
    }
  }
};

I guess my question is, how can I get the email and profile of a user returned inside of the JWT? All the docs point to setting the scope to “openid email profile”, but that does not work for me. Here is an example of the returned payload, with the scope set to “openid email profile”.

"idTokenPayload": {
	"iss": "https://blahblah.auth0.com/",
	"sub": "auth0|xxxxxxxxxx",
	"aud": "xxxxxxxxx",
	"iat": xxxxxxxx,
	"exp": xxxxxxxx,
	"at_hash": "xxxxxxxx",
	"nonce": "xxxxxxxx"
},
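
A diagnostic for the symptom described in the post above, added here as an example and not part of the original post or of Auth0's code: it decodes the two tokens without verifying them, lists the requested scopes that produced no claims in the ID token, and reports whether the access token is a JWT and for which audiences. The function names are hypothetical and the sample tokens are constructed to mirror the payload shown in the post.

```javascript
// Claims each OIDC scope value requests (OpenID Connect Core 1.0, section 5.4).
const SCOPE_CLAIMS = {
  email: ['email', 'email_verified'],
  profile: ['name', 'family_name', 'given_name', 'middle_name', 'nickname',
    'preferred_username', 'profile', 'picture', 'website', 'gender',
    'birthdate', 'zoneinfo', 'locale', 'updated_at'],
};

// Decode (NOT verify) a JWT payload. Returns null for an opaque token.
function decodePayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    const payload = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
    return payload && typeof payload === 'object' ? payload : null;
  } catch (e) {
    return null;
  }
}

// Requested scopes for which the ID token carries none of the matching claims.
function unsatisfiedScopes(idToken, scope) {
  const payload = decodePayload(idToken);
  if (!payload) throw new Error('ID token is not a JWT');
  return scope.split(/\s+/).filter(
    (s) => SCOPE_CLAIMS[s] && !SCOPE_CLAIMS[s].some((c) => c in payload));
}

// Is the access token a JWT or opaque, and which audiences was it issued for?
function describeAccessToken(token) {
  const payload = decodePayload(token);
  if (!payload) return { format: 'opaque', aud: [] };
  return { format: 'jwt', aud: [].concat(payload.aud || []) };
}

// Constructed sample tokens (unsigned); the ID token payload mirrors the post.
const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const fakeJwt = (p) => [enc({ alg: 'RS256', typ: 'JWT' }), enc(p), 'sig'].join('.');
const sampleIdToken = fakeJwt({ iss: 'https://blahblah.auth0.com/',
  sub: 'auth0|constructed', aud: 'constructed-client-id', iat: 1, exp: 2,
  at_hash: 'constructed', nonce: 'constructed' });
const sampleAccessToken = fakeJwt({ iss: 'https://blahblah.auth0.com/',
  sub: 'auth0|constructed', aud: 'https://url.to/myapi', scope: 'openid email profile' });

console.log(unsatisfiedScopes(sampleIdToken, 'openid email profile'));
console.log(describeAccessToken(sampleAccessToken));
console.log(describeAccessToken('constructed-opaque-token'));
```

Decoding this way is for inspection only; an API that relies on these claims still has to validate the token's signature, issuer, audience and expiry.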