SPA with Backend API - get email in JWT

Hi guys,

I am trying to implement Auth0 into my Angular SPA with ASP.NET Core API backend. I am failing on getting user email on serverside from JWT. It is simply not in claims. Only user identifier I receive is auth0|5e62d40ee7bxxxxxxxxxxxxxxxx.

I also followed couple of posts here like ‘use custom rule’ which did not help:

function (user, context, callback) {
  
  // context.accessToken.email = user.email;
  context.accessToken['xxxxx.email'] = user.email;
  // context.accessToken['my-account.eu.auth0.com.email'] = user.email;
	
  callback(null, user, context);
}

None of this helped. What I am doing wrong?
Thanks!

Hi @luke1988,

your namespacing is wrong, the namespace must be a proper url, such as:

context.accessToken['http://my-namespace/email'] = user.email

Namespaces are arbitrary identifiers, so technically you can call your namespace anything you want. However, using the URI of a resource you control is conventional (following the way XML namespaces are defined).
(https://auth0.com/docs/tokens/guides/create-namespaced-custom-claims)

Just wondering, why do you need the email in the access token? Is that the reference your using on your backend to link a user, instead of the sub claim?

Thank you for your time during weekend.

Why I need email: I am implementing Auth0 to existing app which has backend API built on top of user identity in form of email. Anything that API uses is queried using user email.

So, without an email I have to either rewrite whole API or add some sort of middleware which takes sub (Auth0 internal user ID) and lookup in dbo select email from dbo.users where auth0_id = {{id from jwt}}

Both options are lets say… not ideal :slight_smile:

Oh wait… namespace must be a valid URL but is somehow related with Audenice or settings in Auth0? Or it could be literally http://my-namespace/email ?

1 Like

It can be anything, doesn’t have to match the audience, can even be literally the example URL I put above.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.