I followed the tutorial for the backend with a django API. The issue I have is when authenticating the user within the
jwt_get_username_from_payload_handler method. If I use a Username-Password-Authentication the username will be
auth0.somerandomhexadecimalstring. Today theses user are also stored in a local database.
I’d like to get the user info to store those users properly with name, email, etc. I only have the access token as an input.
My first thought would be to add the
/userinfo endpoint in the audience and the profile and email scope in my SPA. I would then use the access token to get the info when authenticating user. This is quite hard though since I do not have access to the access token at that point in the code, just the payload. I do not see any clean way to do it with djangorestframework-jwt. However it seems to be the proper way.
Another way would be giving access to my backend app to a read access to all users info and to access it as itself whenever needed. I’d rather go with a per user authorization but this one seems simpler to implement.
At last I could send the id token but this is clearly not recommended
What do you think is the best way to get and parse the user information within my API ? For the first solution, does someone has an idea on how to do this with Django Rest Framework JWT ?