Passing user data from the initial authentication on to an API all

OliDow · April 21, 2021, 11:53pm

Hi

I am new to Auth0 and I’m sure I am missing something obvious but having issues related to getting profile information when calling an API.

My aim is to be able to authenticate with Auth0 (with an Auth0 user or a social provider) then pass the basic profile and email claims in the JWT when sending requests to an API.

When doing the initial authentication (scope: “openid profile email”) I am presented with the profile information I need, however when I call

getAccessTokenSilently({scope: "openid profile email"})

I get a accesstoken JWT that is very bare and does not include any of the profile data.

{"iss":"https://xxx.eu.auth0.com/","sub":"google-oauth2|123["http://localhost:3000","https://xxx.eu.auth0.com/userinfo"],"iat":1619047752,"exp":16191300004152,"azp":"S311aHK71RV9qvnfrxNM3ONKqNnaS1k6","scope":"openid profile email"}

Am I doing something unusual and should my process be realigned?
If no to the above then how do I enrich the token with the profile and email data?

Thanks in advance

dan.woda · April 22, 2021, 4:56pm

Hi @OliDow,

Welcome to the Community and to Auth0!

You can use the ID token for user profile, or exchange the access token to the /userinfo endpoint for the user profile.

Depending on where you want this info, you can choose which one of those options suits you.

OliDow · April 22, 2021, 10:06pm

Hi Dan

Thanks for the quick reply.

I need the user profile information on the API being called.

Am I able to do this exchange client side? Enrich the token sent to the API (second code block in the OP) with the information form the User token?
or
Would the best practice be to call the /userinfo endpoint you mentioned directly from the endpoint after it is called?

I guess I am just curious of what your the best practice is for getting claims from the initial first time authentication available on API endpoints being called.

Thanks again

dan.woda · April 23, 2021, 3:23pm

The tokens are immutable. If you change anything in it then the signature will no longer match the payload and you cannot validate the token.

You are probably best off calling the /userinfo endpoint to get the user’s profile from your backend API.

This doc does a good job of explaining the differences between the two and their uses.

https://auth0.com/docs/tokens

system · May 8, 2021, 3:23pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Am I doing this right? Help	2	2374	July 14, 2020
Get user info from access token without access point /userinfo Help jwt , userinfo , email	7	13155	October 11, 2019
Downsides to using `userinfo` endpoint instead of express-jwt? Help jwt , auth0	3	3577	March 11, 2020
/userinfo API returns 401 Unauthorized JWT.io auth0 , api	6	1970	May 27, 2023
accessToken doesn't include any identity info (user_id) Help jwt , auth0 , identity	4	3570	September 16, 2022

Passing user data from the initial authentication on to an API all

Related Topics