Redirect users to Auth0 profile edit page

zedeleyici · December 21, 2023, 7:10pm

Hello everyone!

So we were developing a mini website for some mini project, then we decided to have a profile edit page. I checked out and came out with this code:

def auth0_user_profile(request):
    session_data = request.session.get('session_id')
    id_token = session_data.get('id_token') if session_data else None


    if id_token: 
        jwk_set = oauth.auth0.fetch_jwk_set()
        user_data = jwt.decode(id_token, jwk_set)
        user_id = user_data.get('sub')       


        if user_id:
            #auth0_profile_url = f"https://OURTENANTNAME.auth0.com/userinfo?user_id={user_id}"
            auth0_profile_url = f"https://settings.cageda.auth0.com/userinfo?user_id={user_id}"

            return redirect(auth0_profile_url)
        
        else:
            messages.error(request, 'Unable to access profile page.')

This is written in ‘views.py’ - default file in Django development. Also, I added the corresponding url to ‘urls.py’ as

path(‘profile/’, views.auth0_user_profile, name=‘auth0_user_profile’),

However, when I click the button assigned for this function, I see an error as

URIError: Failed to decode param '/%7B%%20url%20'auth0_user_profile'%20%%7D'
    at decodeURIComponent (<anonymous>)
    at decode_param (C:\Users\MYCOMPUTER\Desktop\PROJECT\frontend-app\node_modules\express\lib\router\layer.js:172:12)
    at Layer.match (C:\Users\MYCOMPUTER\Desktop\PROJECT\frontend-app\node_modules\express\lib\router\layer.js:123:27)
    at matchLayer (C:\Users\MYCOMPUTER\Desktop\PROJECT\frontend-app\node_modules\express\lib\router\index.js:585:18)
    at next (C:\Users\MYCOMPUTER\Desktop\PROJECT\frontend-app\node_modules\express\lib\router\index.js:226:15)
    at expressInit (C:\Users\MYCOMPUTER\Desktop\PROJECT\frontend-app\node_modules\express\lib\middleware\init.js:40:5)
    at Layer.handle [as handle_request] (C:\Users\MYCOMPUTER\Desktop\PROJECT\frontend-app\node_modules\express\lib\router\layer.js:95:5)
    at trim_prefix (C:\Users\MYCOMPUTER\Desktop\PROJECT\frontend-app\node_modules\express\lib\router\index.js:328:13)
    at C:\Users\MYCOMPUTER\Desktop\PROJECT\frontend-app\node_modules\express\lib\router\index.js:286:9
    at Function.process_params (C:\Users\MYCOMPUTER\Desktop\PROJECT\frontend-app\node_modules\express\lib\router\index.js:346:12)

So, how can I solve this and redirect my users to their corresponding profile page in Auth0 domain? Is it possible, right?

dawid.matuszczyk · December 21, 2023, 7:35pm

Hi @zedeleyici

Welcome to the Auth0 Community!

Thank you for posting your question. It looks like there is a problem with URL encoding. Can you check (print, for example) the content of the jwt before it has been decoded (I assume this function raises this error)? When you capture the JWT you can check to content on the jwt.io website.

Dawid

zedeleyici · December 21, 2023, 7:57pm

Additional note: I used the same jwk_set to check email verification 1 month ago as:

id_token = token.get('id_token')
jwk_set = oauth.auth0.fetch_jwk_set()
user_info = jwt.decode(id_token, jwk_set)

if not user_info.get('email_verified'):
    messages.error(request, 'You must verify your email to log in.')
    return redirect('http://localhost:3000/callback')

dawid.matuszczyk · December 21, 2023, 8:08pm

JWK_SET is a JSON Web Key Set and it is a set of keys containing the public keys used to verify any JSON Web Token (JWT) issued by the Authorization Server and signed using the RS256.

I’ve double-checked the Authentication API and the proper way to get /userinfo is via ACCESS_TOKEN in the Header ‘Authorization: Bearer {ACCESS_TOKEN}’ you may need to adjust your code for that https://auth0.com/docs/api/authentication#get-user-info

zedeleyici · December 21, 2023, 8:15pm

Yes but this does not help me about redirecting the user-corresponding profile page for users to edit their pages, without any action from the administrator. I see the point, but still, I need user_id for the url part of my code, yet still don’t have with this information. So, maybe I can’t see the point but this is what I think. Sorry:(

dawid.matuszczyk · December 21, 2023, 8:56pm

The topic has been discussed in the DMs.

The answer to the original question is that there’s no premade by Auth0 separated page for editing user profiles. The best way to achieve this is to fetch the details from the /userinfo endpoint, show them to the user, and update them by calling Management API to update a user profile.

Auth0 Management API v2

system · January 4, 2024, 8:57pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.