I’ve been trying all sorts of different Lock configurations to get the token passed back to contain some user identification (user ID, email, anything) in it. But no matter what, I only get standard claims back. I’ve tried hitting /userinfo?access_token= and /userinfo with the header Authorization: Bearer, but they always return 401 Unauthorized. Any help appreciated…
My current lock setup:
    var lock = new Auth0Lock('jxxOfzH96mlsNTs2rGLm7ypYwwGQ_2_T', 'datafy.auth0.com', {
      oidcConformant: true,
      auth: {
        redirectUrl: 'http://localhost:8080/data',
        responseType: 'id_token token',     // implicit flow: both tokens are returned in the callback URL fragment
        audience: 'http://localhost:8080',  // API identifier the access token is issued for
        params: {scope: 'openid profile email user_metadata app_metadata picture'}
      }
    });
claims:
sub, "fWx0YkCMenKI4pLyf9wa3op8NqE7hjLq@clients"
aud, "localhost:8080"
scope, ""
iss, "https://datafy.auth0.com/"
exp, 1496424656
iat, 1496338256
The audience parameter is only needed if you have configured an API and require an access token in order to make calls to that API. If you do not have an API configured, try removing this parameter.
The sub claim in the id_token will be the unique ID of the user. More information regarding the ID token claims is available here:
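As an added example (not code from the thread or from Auth0), the script below shows how to tell the two tokens apart by their claims: it parses the callback URL fragment that Lock produces with responseType 'id_token token', decodes each token's payload, classifies a token as an id_token (aud is the client ID) or an access token (aud is the API identifier), flags a sub ending in "@clients" as a client-credentials token that represents no user, and builds the /userinfo request with the access token in the Authorization header. The client ID, issuer and audience are taken from the Lock config above; the tokens, the user IDs and the callback URL are constructed here with a bogus signature and are not real. Nothing in it verifies a signature: decode to inspect, verify before you trust.

```javascript
// Added example (not from the thread): inspect the tokens Auth0 Lock returns in the callback
// URL fragment, tell the id_token from the access token, and build the /userinfo request.
// Constants come from the thread's Lock config; tokens and user IDs are constructed samples.
// Nothing here verifies a signature; decode to inspect, verify (JWKS, iss, aud, exp) to trust.
const CLIENT_ID = 'jxxOfzH96mlsNTs2rGLm7ypYwwGQ_2_T';   // Lock's first argument
const ISSUER = 'https://datafy.auth0.com/';             // iss claim shown in the thread
const API_AUDIENCE = 'http://localhost:8080';           // auth.audience in the Lock config

function base64UrlEncode(text) {
  return Buffer.from(text, 'utf8').toString('base64')
    .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');
}

function base64UrlDecode(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, 'base64').toString('utf8');
}

// Decode the payload of a compact JWS without verifying it (inspection only).
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Constructed sample tokens with a fake signature ('sig'), so they can never verify.
function fakeJwt(payload) {
  const header = base64UrlEncode(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  return `${header}.${base64UrlEncode(JSON.stringify(payload))}.sig`;
}
const NOW = 1496338256; // the iat value quoted in the thread
// id_token: addressed to the client (aud === client_id), carries the user's profile claims.
const SAMPLE_ID_TOKEN = fakeJwt({
  iss: ISSUER, sub: 'auth0|user123', aud: CLIENT_ID,
  iat: NOW, exp: NOW + 36000, email: 'jane@example.com', name: 'Jane Doe',
});
// Access token for a user login with the openid scope and an API audience: aud holds both
// the API identifier and the tenant's /userinfo endpoint, so /userinfo accepts it.
const SAMPLE_ACCESS_TOKEN = fakeJwt({
  iss: ISSUER, sub: 'auth0|user123', aud: [API_AUDIENCE, ISSUER + 'userinfo'],
  iat: NOW, exp: NOW + 86400, scope: 'openid profile email',
});
// The shape the thread quotes: sub ending in "@clients" is a client-credentials (M2M) token.
const SAMPLE_M2M_TOKEN = fakeJwt({
  iss: ISSUER, sub: 'fWx0YkCMenKI4pLyf9wa3op8NqE7hjLq@clients', aud: API_AUDIENCE,
  iat: NOW, exp: NOW + 86400, scope: '',
});

// With responseType 'id_token token' Lock returns both tokens in the URL fragment (after '#'),
// which the browser never sends to the server; that is the "anchor" part of the callback URL.
const SAMPLE_CALLBACK_URL = 'http://localhost:8080/data#access_token=' + SAMPLE_ACCESS_TOKEN +
  '&id_token=' + SAMPLE_ID_TOKEN + '&token_type=Bearer&expires_in=86400&state=xyz';

function parseCallbackFragment(url) {
  const hash = new URL(url).hash.replace(/^#/, '');
  return Object.fromEntries(new URLSearchParams(hash));
}

// Classify by audience. A "@clients" sub means a client-credentials grant: there is no user
// behind the token, so /userinfo has nothing to return for it.
function classifyToken(token, { clientId = CLIENT_ID, apiAudience = API_AUDIENCE, issuer = ISSUER } = {}) {
  const claims = decodeJwtPayload(token);
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  let kind = 'unknown';
  if (aud.includes(clientId)) kind = 'id_token';
  else if (aud.includes(apiAudience)) kind = 'access_token';
  const isClientCredentials = typeof claims.sub === 'string' && claims.sub.endsWith('@clients');
  return {
    kind,
    sub: claims.sub,
    isClientCredentials,
    canCallUserinfo: kind === 'access_token' && !isClientCredentials && aud.includes(issuer + 'userinfo'),
  };
}

// Build the /userinfo request: the access token (never the id_token) goes in the Authorization
// header. Returned as plain data so this runs offline; hand it to fetch() in the browser.
function userinfoRequest(accessToken, issuer = ISSUER) {
  return { method: 'GET', url: issuer + 'userinfo', headers: { Authorization: `Bearer ${accessToken}` } };
}

// Walk the sample callback end to end.
function inspectCallback(url) {
  const params = parseCallbackFragment(url);
  return {
    idToken: classifyToken(params.id_token),
    accessToken: classifyToken(params.access_token),
    request: userinfoRequest(params.access_token),
  };
}
```

Run it with node to see inspectCallback(SAMPLE_CALLBACK_URL) label the two fragment tokens, and classifyToken(SAMPLE_M2M_TOKEN) flag the client-credentials token as unusable for /userinfo. The "@clients" convention and the userinfo audience are Auth0 behaviour as the tenant in the thread shows it; the classification here is by claims only and is no substitute for signature verification.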
Thanks @prashant, I do have an API configured. I have also tried removing the audience and pointing to a Client, but it still gives the same claims. I believe the token I have is an access_token? I recognized my sub claim as the clientId of the API I called?
I read that debugging can help by reading the HAR? But I’m not sure which endpoint would be best to check? Also, the file generated is too big to attach here?
I realized the callback has the accessToken and idToken in the URL as an anchor tag? Which shows I was mixing up accessToken and idToken. But using the accessToken at /userinfo gives me everything I need. Although I’m not sure why I’m getting that info as an anchor tag in the callback?
This was my own fault, but after understanding the above information I was able to resolve the problem. Thanks!