I am in the process of integrating user_metadata into the authentication result returned following authentication. It’s unclear how access_token and user_token are differentiated within rules - it seems claims are able to be added to both, but only access_tokens can be decoded by Auth0.js?
I’m following the Auth0 ReactJS quickstart tutorial, which uses the access_token returned from Auth0 to retrieve user profile information like so:
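    getProfile(cb) {
      // The access token is sent to Auth0's userinfo endpoint, which returns the profile.
      let accessToken = this.getAccessToken();
      this.auth0.client.userInfo(accessToken, (err, profile) => {
        if (profile) {
          // Cache the profile on the Auth object for later calls.
          this.userProfile = profile;
        }
        cb(err, profile);
      });
    }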
This confuses me because according to Auth0’s documentation, ID_Token should be the mechanism encoding user profile information and not the access_token: auth0.com/docs/tokens/id-token:
"The ID token, usually referred to in our docs as id_token… contains user profile information (like the user’s name, email, and so forth), represented in the form of claims."
Why isn’t there just an extension method of the Auth object that decodes user_id for this purpose?
Should I use the Node.js library listed on https://jwt.io/ to decode the id_token returned by Auth0 instead of following the flow in the quick start tutorial that uses access_token?
In the flow that the quick start documents send me down, what is the purpose of the id_token? It seems that only access_token is relevant.
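An added example (not part of the original post and not Auth0's or the quickstart's code) of reading profile claims out of an id_token only after its signature, issuer, audience and expiry have been checked, as opposed to just base64-decoding it. The key pair, issuer, client ID, sample claims and the `https://app.example/` claim namespace are constructed stand-ins, and RS256 signing is an assumption.

```javascript
// Added example: verify an RS256 id_token before trusting its profile claims.
const nodeCrypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64url = (str) => Buffer.from(str, 'base64url');

// Returns the claims, or throws if signature, issuer, audience or expiry fail.
function verifyIdToken(token, { publicKey, issuer, audience, now = Date.now() / 1000 }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  const [h, p, s] = parts;
  const header = JSON.parse(fromB64url(h).toString('utf8'));
  // Pin the algorithm instead of letting the token choose how it is checked.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const valid = nodeCrypto.createVerify('RSA-SHA256')
    .update(`${h}.${p}`)
    .verify(publicKey, fromB64url(s));
  if (!valid) throw new Error('bad signature');
  const claims = JSON.parse(fromB64url(p).toString('utf8'));
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(audience)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Constructed sample data: a locally generated key stands in for the tenant's
// signing key; issuer, client ID and claim namespace are placeholders.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const ISSUER = 'https://tenant.example/';
const CLIENT_ID = 'constructed-client-id';
const NS = 'https://app.example/'; // hypothetical namespace for a custom claim

// Signs a constructed token so the example runs offline.
function signSample(claims) {
  const h = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const p = b64url(JSON.stringify(claims));
  const sig = nodeCrypto.createSign('RSA-SHA256').update(`${h}.${p}`).sign(privateKey);
  return `${h}.${p}.${b64url(sig)}`;
}

const sampleClaims = {
  iss: ISSUER, aud: CLIENT_ID, sub: 'auth0|constructed', exp: 2000000000,
  name: 'Sample User', [NS + 'user_metadata']: { plan: 'demo' },
};
const idToken = signSample(sampleClaims);
```

The decoder on jwt.io performs only the base64url step; the checks in `verifyIdToken` are what make the resulting claims trustworthy.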