SPA with API (Django) get user information


I followed the tutorial for the backend with a django API. The issue I have is when authenticating the user within the jwt_get_username_from_payload_handler method. If I use a Username-Password-Authentication the username will be auth0.somerandomhexadecimalstring. Today theses user are also stored in a local database.

I’d like to get the user info to store those users properly with name, email, etc. I only have the access token as an input.

My first thought would be to add the /userinfo endpoint in the audience and the profile and email scope in my SPA. I would then use the access token to get the info when authenticating user. This is quite hard though since I do not have access to the access token at that point in the code, just the payload. I do not see any clean way to do it with djangorestframework-jwt. However it seems to be the proper way.

Another way would be giving access to my backend app to a read access to all users info and to access it as itself whenever needed. I’d rather go with a per user authorization but this one seems simpler to implement.

At last I could send the id token but this is clearly not recommended

What do you think is the best way to get and parse the user information within my API ? For the first solution, does someone has an idea on how to do this with Django Rest Framework JWT ?


Hey there!

Sorry for such delay in response! We’re doing our best in providing the best developer support experience out there, but sometimes the number of incoming questions is just too big for our bandwidth. Sorry for such inconvenience!

Do you still require further assistance from us?