Using Go to check tokens, how can I get the email address?

I’m using the React Auth0 SDK, and I’m making a GET /users/me request to my Go API.

I am wondering how I can get the email from the token. When I inspect my token on jwt.io, I see

{
  "nickname": "xxxxx",
  "name": "xxxxxx@xxxxxx.com",
  "picture": "...........",
  "updated_at": "2023-09-10T18:05:46.705Z",
  "email": "xxxxx@xxxxx.com",
  "email_verified": false,
  "iss": "........",
  "aud": ".............",
  "iat": 1694370629,
  "exp": 1694372429,
  "sub": "auth0|............",
  "sid": ".........",
  "nonce": "........"
}

Here’s my Go code-

type CustomClaims struct {
	Scope string `json:"scope"`
}

// Validate does nothing for this example, but we need
// it to satisfy validator.CustomClaims interface.
func (c CustomClaims) Validate(ctx context.Context) error {
	return nil
}

// EnsureValidToken is a middleware that will check the validity of our JWT.
func (h *Http) EnsureValidToken(next http.Handler) http.Handler {

	middleware := jwtmiddleware.New(
		h.jwtValidator.ValidateToken,
		jwtmiddleware.WithErrorHandler(h.jwtErrorHandler),
	)

	return middleware.CheckJWT(next)
}

Unfortunately here’s the JSON of what I get when I check what is added to the context -

{
    "CustomClaims": {
        "email": "",
        "scope": "openid profile email"
    },
    "RegisteredClaims": {
        "iss": ".........",
        "sub": "auth0|...........",
        "aud": [
            "com.myapp.api",
            "......../userinfo"
        ],
        "exp": 1694372429,
        "iat": 1694370629
    }
}

Hey @KLP welcome to the community!

Thanks for the detailed description of what you’re seeing.

This is a decoded ID token, whereas the token in your Go code is an access token. Are you adding email as a custom claim to the access token? If not, I believe that should do the trick. You’ll need to add it using a post-login action, something like:

exports.onExecutePostLogin = async (event, api) => {
  if (event.authorization) {
    api.accessToken.setCustomClaim('email', event.user.email);
  }
}

The email claim is not added to access tokens by default.

Keep us posted!
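On the Go side, the claims struct needs an `email` field, and `Validate` can reject access tokens that lack it. The following is an added example, not part of the original thread and not Auth0's code; it assumes every caller of the API must present an email claim. `decodeClaims` is a hypothetical stand-in for the validator step that runs after signature, issuer and audience checks, and the payloads are constructed placeholders.

```go
package main

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
)

// CustomClaims extends the struct from the question with the email claim
// that the post-login Action adds to the access token.
type CustomClaims struct {
	Scope string `json:"scope"`
	Email string `json:"email"`
}

// Validate fails closed: a token without an email claim is rejected.
func (c CustomClaims) Validate(ctx context.Context) error {
	if c.Email == "" {
		return errors.New("access token has no email claim")
	}
	return nil
}

// decodeClaims (hypothetical helper) takes the payload of a token that has
// ALREADY been verified, unmarshals it, then calls Validate.
func decodeClaims(ctx context.Context, payload []byte) (*CustomClaims, error) {
	var c CustomClaims
	if err := json.Unmarshal(payload, &c); err != nil {
		return nil, fmt.Errorf("decode claims: %w", err)
	}
	if err := c.Validate(ctx); err != nil {
		return nil, err
	}
	return &c, nil
}

// Constructed sample payloads with placeholder values, not real tokens.
const (
	withoutEmail = `{"iss":"https://tenant.example/","sub":"auth0|placeholder","aud":["com.myapp.api"],"scope":"openid profile email"}`
	withEmail    = `{"iss":"https://tenant.example/","sub":"auth0|placeholder","aud":["com.myapp.api"],"scope":"openid profile email","email":"user@example.com"}`
)

func main() {
	for _, p := range []string{withoutEmail, withEmail} {
		c, err := decodeClaims(context.Background(), []byte(p))
		fmt.Println(c, err)
	}
}
```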