Retrieve additional user-informations during the token-validation in a middleware[BABBPM-3]

irtech · October 12, 2020, 3:30pm

Hi, not really an issue, more of a conceptional question.

I’m building a small (HEADLESS!!) API with a couple of routes which are protected by an Auth0-middleware. So far so good, the actual authentication seems to work. Without a valid user / token it’s not possible to login.

There are various parts within that small API where I want to access various user-properties, e.g. the user metadata or at least his name. So I wanted to include a retrieval of that data in the middleware as well.

Unfortunately I wasn’t able to find anything in the PHP SDK. The only thing I found was the $auth0->getUser() method which uses some kind of session-based handling. Since I’m building a stateless REST-API this is not really an option. So, I was looking for a way to use the JWT-Token to fetch user data.

Besides the permission scopes I was not able to get anything else. Is there any way of achieving that without having to use the management API?

dan.woda · October 14, 2020, 8:07pm

Hi @irtech,

Welcome to the Community!

You can add pretty much simple data to the token with a custom claim. You can also request an ID token, which is like an ID card for the user with their profile info.

irtech · October 14, 2020, 9:59pm

Hi, Thanks for the answer. Unfortunately I only have an access_token from the client-side (using the angular auth0 sdk).

Now I have to go go one step back and find out how to validate an access-token. All the sample codes provided by your documentation are all to validate a JWT-token. It seems there is no way to generate an JWT-Token in the Angular Auth0-SDK. Any idea?

dan.woda · November 3, 2020, 7:21pm

@irtech,

I see, you are talking about the token you sent from your frontend. That should be the access token.

An access token can be a JWT. JSON web token (JWT) is a format.

If you are sending the access token from your angular application, then it should be a JWT. Adding a custom claim to the token, you can add any data you would like. Please look at the doc I linked in my original reply.

system · November 3, 2020, 7:21pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.