Hi, not really an issue, more of a conceptional question.
I’m building a small (HEADLESS!!) API with a couple of routes which are protected by an Auth0-middleware. So far so good, the actual authentication seems to work. Without a valid user / token it’s not possible to login.
There are various parts within that small API where I want to access various user-properties, e.g. the user metadata or at least his name. So I wanted to include a retrieval of that data in the middleware as well.
Unfortunately I wasn’t able to find anything in the PHP SDK. The only thing I found was the $auth0->getUser() method which uses some kind of session-based handling. Since I’m building a stateless REST-API this is not really an option. So, I was looking for a way to use the JWT-Token to fetch user data.
Besides the permission scopes I was not able to get anything else. Is there any way of achieving that without having to use the management API?
You can add pretty much simple data to the token with a custom claim. You can also request an ID token, which is like an ID card for the user with their profile info.
Hi, Thanks for the answer. Unfortunately I only have an access_token from the client-side (using the angular auth0 sdk).
Now I have to go go one step back and find out how to validate an access-token. All the sample codes provided by your documentation are all to validate a JWT-token. It seems there is no way to generate an JWT-Token in the Angular Auth0-SDK. Any idea?
I see, you are talking about the token you sent from your frontend. That should be the access token.
An access token can be a JWT. JSON web token (JWT) is a format.
If you are sending the access token from your angular application, then it should be a JWT. Adding a custom claim to the token, you can add any data you would like. Please look at the doc I linked in my original reply.