No basic user information in idToken


I’m probably doing something wrong, but I have spent a little bit of time on this and I’m not sure what it is that I’m doing wrong. So my problem is that my idToken looks like this:
```
"iss": "https://[ignore]",
"sub": "auth0|5ead58c73534cb0be98ed2e1",
"aud": "T8H6biOIbij962Gsgi6yilGDeYyIx6ni",
"iat": 1588602964,
"exp": 1588638964
```

There is no personal information at all. I even edited the metadata fields for a user to add a name and it does not appear. Reading the documentation, it sounds like all that information should just be there. There is even a section where a tokenId model is presented and says to log in to have it applied to your app, which I did. But all I get is the type of JWT token shown above.

Help please.

Hey @jadzya

If you copy and paste the ID Token into, do you see just the claims above or do you see what you’re expecting to see?

If not, do you have any rules configured that could be affecting your ID token?

Hope this helps

Hi, thank you for coming back to me.

What is posted above are all the fields I see. I did not do anything special, other than actually adding a name field to both the metadata boxes for that specific user, field that of course I still don’t see.
That’s what I was saying it looks like it should work out of the box, but it doesn’t for me. I must be missing something basic.

I created another user, did not do anything on it other than editing name to not be the email and made sure the email was verified as well. Still the same. Only those 5 fields above…

Hey @jadzya

First thing to check are the scopes you are requesting - are you just requesting the openid scope or are you also including email and profile? If you’re just requesting the openid scope, please add email and profile to the request to the authorize endpoint

If you are requesting scopes of openid profile email and it’s still not working then I would check your logs in Logs > Search to see if any errors are shown there.

Hope this helps!

I’m sorry, there might be some confusion here. Let me describe the flow a little cause you might think I’m doing more than I am.

So when you try to reach a page on my website it will check if your session is authorized (Java code is
`String accessToken = (String) SessionUtils.get(req, "accessToken");`
`String idToken = (String) SessionUtils.get(req, "idToken");`), if yes then you will be allowed to continue, if not you will be taken to the auth0 authentication page, you log in, the callback gets a code, you get an accessToken and an idToken in exchange for that code (Java code is `Tokens tokens = authenticationControllerProvider.getInstance().handle(req, res);`) and that is it.

It is this idToken that has the data I mentioned in the post. Was I supposed to do something else? Hit some other endpoint in order to get the rest of the user profile data? Or is it just some extra configuration I need to do somewhere in order to get the rest of the profile data into this idToken?

Thank you very much for taking the time to help me

Is it possible to generate a HAR file please, to see what is being passed to the endpoints?

Please ensure any sensitive info such as tenant url, client identifiers and secrets are removed before posting! :slight_smile:

(Edited to make clear to send HAR by private message, thanks Konrad!)

And please guys do not share the HAR files here in the thread but rather via private message. Thank you!


Hey @jadzya,

Thanks for sending the HAR file over. I’m replying here rather than in the PM in case the answer may help someone else.

The request your application is making to the /authorize endpoint is sending the scope parameter, but is only sending openid as the value:


You will need to change this to …&scope=openid profile email&… to get the claims you’re looking for in the ID token.

The docs below show the claims that are returned by each scope requested:

Hope this helps
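
The diagnosis in the answer above, as an added example (not part of the original thread and not Auth0's own code): it reads the scope parameter from an /authorize URL and lists which standard claims a decoded ID token lacks. The scope-to-claim table follows OpenID Connect Core 1.0 section 5.4; the class name, URL, client id and token are constructed placeholders, and the payload is decoded without signature verification, so it is for debugging only.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.regex.Pattern;

public class IdTokenScopeCheck {
    // Standard claims requested by each scope (OpenID Connect Core 1.0, section 5.4).
    static final Map<String, List<String>> SCOPE_CLAIMS = Map.of(
        "profile", List.of("name", "family_name", "given_name", "middle_name", "nickname",
            "preferred_username", "profile", "picture", "website", "gender", "birthdate",
            "zoneinfo", "locale", "updated_at"),
        "email", List.of("email", "email_verified"),
        "address", List.of("address"), "phone", List.of("phone_number", "phone_number_verified"));

    // Scopes sent on the /authorize request, taken from its (percent-encoded) query string.
    static Set<String> requestedScopes(String authorizeUrl) {
        for (String pair : URI.create(authorizeUrl).getRawQuery().split("&")) {
            String[] kv = pair.split("=", 2);
            if (kv.length == 2 && kv[0].equals("scope"))
                return new TreeSet<>(Arrays.asList(
                    URLDecoder.decode(kv[1], StandardCharsets.UTF_8).trim().split("\\s+")));
        }
        return Set.of();
    }

    // Decodes the payload for inspection only: the signature is NOT verified here.
    static String payload(String jwt) {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) throw new IllegalArgumentException("not a compact JWS");
        return new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
    }

    // Claims covered by the given scopes that do not appear as keys in the payload.
    // A provider may also omit a claim the user has no value for, even when the scope is sent.
    static List<String> missingClaims(Collection<String> scopes, String payloadJson) {
        List<String> missing = new ArrayList<>();
        for (String scope : scopes)
            for (String claim : SCOPE_CLAIMS.getOrDefault(scope, List.of()))
                if (!Pattern.compile("\"" + claim + "\"\\s*:").matcher(payloadJson).find())
                    missing.add(claim);
        return missing;
    }

    public static void main(String[] args) {
        // Constructed sample data: tenant.example, CLIENT_ID and the token are placeholders.
        String url = "https://tenant.example/authorize?response_type=code&client_id=CLIENT_ID&scope=openid";
        String json = "{\"sub\":\"auth0|example\",\"iat\":1588602964,\"exp\":1588638964}";
        String jwt = "e30." + Base64.getUrlEncoder().withoutPadding()
            .encodeToString(json.getBytes(StandardCharsets.UTF_8)) + ".sig";
        System.out.println("requested scopes: " + requestedScopes(url));
        System.out.println("absent claims: " + missingClaims(List.of("profile", "email"), payload(jwt)));
    }
}
```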

Yes, it helped a lot, sending me in the right direction. It wasn’t immediate to find the fix cause I was expecting it to be on the AuthenticationController builder, but it is actually on the AuthorizeUrl builder:

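```java
String authorizeUrl = authenticationControllerProvider
    .buildAuthorizeUrl(req, res, redirectUri)
    .withScope("openid profile email") // request the profile and email claims as well
    .build(); // AuthorizeUrl.build() returns the URL string
```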

You are a life savior. Thank you very very much.

All the best


Perfect! Glad that you have it working now @jadzya!
