Hey Dan,
So while I have managed to get a local copy of my cert to verify the token is valid, I’m now stuck needing to make a different HTTP request to get the user’s information. Why do I need to make two HTTP calls just to get a logged-in user’s email address? Is there a way for me to get the user’s email address back in the token when they log in instead of getting a token that I then need to send off in its place, to get another token containing the email?
For more context, I have a very simple application. I want to use Google sign-in via Auth0 in my client, then send that token to the server with every request in order to validate which user is logged in (via email address), so that I can allow and restrict access to endpoints based on their role. This is going to be hosted on Lambda, so I can’t afford the additional latency of making an outbound HTTP call with every single request my server receives.
Given this is an incredibly common use case, I don’t understand why the auth-0-spa.js plugin doesn’t give me access to a token I can use to facilitate this. If I’m misunderstanding something, please let me know where the confusion is.