Using Go to check tokens, how can I get the email address?

I’m using the React Auth0 SDK, and I’m making a GET /users/me request to my Go API.

I am wondering how I can get the email from the token. When I inspect my token on jwt.io, I see

{
  "nickname": "xxxxx",
  "name": "xxxxxx@xxxxxx.com",
  "picture": "...........",
  "updated_at": "2023-09-10T18:05:46.705Z",
  "email": "xxxxx@xxxxx.com",
  "email_verified": false,
  "iss": "........",
  "aud": ".............",
  "iat": 1694370629,
  "exp": 1694372429,
  "sub": "auth0|............",
  "sid": ".........",
  "nonce": "........"
}

Here’s my Go code:

type CustomClaims struct {
	Scope string `json:"scope"`
}

// Validate does nothing for this example, but we need
// it to satisfy validator.CustomClaims interface.
func (c CustomClaims) Validate(ctx context.Context) error {
	return nil
}

// EnsureValidToken is a middleware that will check the validity of our JWT.
func (h *Http) EnsureValidToken(next http.Handler) http.Handler {

	middleware := jwtmiddleware.New(
		h.jwtValidator.ValidateToken,
		jwtmiddleware.WithErrorHandler(h.jwtErrorHandler),
	)

	return middleware.CheckJWT(next)
}

Unfortunately, here’s the JSON of what I get when I check what is added to the context:

{
    "CustomClaims": {
        "email": "",
        "scope": "openid profile email"
    },
    "RegisteredClaims": {
        "iss": ".........",
        "sub": "auth0|...........",
        "aud": [
            "com.myapp.api",
            "......../userinfo"
        ],
        "exp": 1694372429,
        "iat": 1694370629
    }
}

Hey @KLP welcome to the community!

Thanks for the detailed description of what you’re seeing!

This is a decoded ID token, whereas the token in your Go code is an access token. Are you adding email as a custom claim to the access token? If not, I believe that should do the trick. You’ll need to add it using a post-login action, something like:

exports.onExecutePostLogin = async (event, api) => {
  if (event.authorization) {
    api.accessToken.setCustomClaim('email', event.user.email);
  }
}

The email claim is not added to access tokens by default.

Keep us posted!
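
An added example, not from either post above and not Auth0's own code: once the Action sets the claim, the Go side needs a matching `email` field in `CustomClaims`, and `Validate` can reject access tokens that lack it instead of returning nil. `EmailVerified`, `ClaimsFromPayload` and the error names are assumptions for illustration, and the payload is assumed to have already passed the middleware's signature, issuer and audience checks.

```go
package main

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
)

// CustomClaims extends the struct from the question with the custom claims.
// EmailVerified is an assumption: the Action would have to set it as well.
type CustomClaims struct {
	Scope         string `json:"scope"`
	Email         string `json:"email"`
	EmailVerified bool   `json:"email_verified"`
}

var (
	ErrNoEmail         = errors.New("access token has no email claim")
	ErrEmailUnverified = errors.New("email claim is not verified")
)

// Validate keeps the signature used in the question, but fails closed.
func (c CustomClaims) Validate(ctx context.Context) error {
	if c.Email == "" {
		return ErrNoEmail // claim was never added to the access token
	}
	if !c.EmailVerified {
		return ErrEmailUnverified // do not treat an unverified address as identity
	}
	return nil
}

// ClaimsFromPayload (hypothetical helper) decodes a JWT payload that has
// already been signature-verified and applies Validate to the result.
func ClaimsFromPayload(ctx context.Context, payload []byte) (CustomClaims, error) {
	var c CustomClaims
	if err := json.Unmarshal(payload, &c); err != nil {
		return c, fmt.Errorf("decode claims: %w", err)
	}
	return c, c.Validate(ctx)
}

func main() {
	// Constructed payload: an access token issued without the custom claim.
	p := []byte(`{"scope":"openid profile email","sub":"auth0|example"}`)
	c, err := ClaimsFromPayload(context.Background(), p)
	fmt.Printf("email=%q err=%v\n", c.Email, err)
}
```

With the payload from the question's context dump, `Email` stays empty and the request is rejected at validation time rather than reaching the handler with a blank address.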
