Hi, this is probably some misconfiguration on my part, but I can't figure out what's wrong.
I have a single-page application written in Vue3, which authenticates with Auth0, and then calls an API built with Spring Boot and okta-spring-boot-starter. It works well - the SPA can call the API with the access token we get.
However! While I can see that the user information as specified in the scope is available on the front end in the SPA (such as name and email address), I can’t figure out how to get this information in the API application.
The audience when getting the token in the frontend is set to the API identifier, and the same audience is configured in the API application.
The user information in the frontend is pulled from the ID Token, whereas the token sent to the API is the Access Token.
As the name implies, the ID Token contains information about the user's identity, while the Access Token contains information about the user's access. Typically, the latter does not contain information about the user's identity, but that does not mean it's not possible (it's just not provided by default).
If you want to get access to profile information in the API through the Access Token, you can either do:
The above should ensure the Access Token has 3 new claims, containing the corresponding values which you can then retrieve in any API receiving that access token.
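As an added example (not code from this thread), here is how the API side can read such custom claims once they are in the Access Token, using the Jwt principal that okta-spring-boot-starter / Spring Security resource server puts on the request. The claim names under the https://example.com/ namespace are an assumption about what the Auth0 side adds; the thread does not specify them, so adjust them to whatever your tenant actually emits.

```kotlin
import org.springframework.security.core.annotation.AuthenticationPrincipal
import org.springframework.security.oauth2.jwt.Jwt
import org.springframework.web.bind.annotation.GetMapping
import org.springframework.web.bind.annotation.RestController

@RestController
class ProfileController {

    // Assumed namespace for the custom claims added on the Auth0 side.
    // Namespacing avoids collisions with standard OIDC/JWT claim names.
    private val claimNamespace = "https://example.com/"

    @GetMapping("/api/me")
    fun me(@AuthenticationPrincipal jwt: Jwt): Map<String, Any?> {
        // By the time this runs, the resource-server filter chain has already
        // validated the token's signature, issuer, expiry and audience, so the
        // claims can be trusted as far as the issuer is trusted. Claims that
        // were not added to the token simply come back as null.
        return mapOf(
            "sub" to jwt.subject,
            "name" to jwt.getClaimAsString("${claimNamespace}name"),
            "email" to jwt.getClaimAsString("${claimNamespace}email"),
            "email_verified" to jwt.getClaimAsBoolean("${claimNamespace}email_verified")
        )
    }
}
```

Reading the claims straight out of the validated token costs nothing per request, whereas calling /userinfo from the API adds a network round-trip to Auth0 for every call and is subject to that endpoint's rate limits.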
Well, I thought this was how it was done, and had implemented a call to the /userinfo endpoint. Turns out my code was wrong, and it was a minor change to fix it!
Thanks for your help
Here’s the code for the next person that comes looking:
import org.springframework.http.HttpEntity
import org.springframework.http.HttpHeaders
import org.springframework.http.HttpMethod
import org.springframework.security.core.Authentication
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken
import org.springframework.web.client.RestTemplate

// Calls the Auth0 /userinfo endpoint with the Access Token the SPA sent us
// and returns the raw JSON body containing the user's profile claims.
fun getUserInfo(authentication: Authentication?): String {
    // Spring Security populates a JwtAuthenticationToken once the Access Token
    // has been validated (signature, issuer, expiry, audience).
    val jwtAuthToken = authentication as JwtAuthenticationToken
    val accessToken = jwtAuthToken.token.tokenValue

    // Create headers with the Bearer token
    val headers = HttpHeaders()
    headers.setBearerAuth(accessToken)

    // Use RestTemplate to call the userinfo endpoint
    val restTemplate = RestTemplate()
    val entity: HttpEntity<Any> = HttpEntity(headers)
    val response = restTemplate.exchange(
        "https://<whatever>.auth0.com/userinfo",
        HttpMethod.GET,
        entity,
        String::class.java
    )
    // response.body is nullable (String?), so it cannot be returned as String directly
    return response.body ?: error("Empty response from /userinfo")
}