Using Go to check tokens, how can I get the email address?

KLP · September 10, 2023, 6:37pm

I’m using react auth0 sdk, and I’m making a GET /users/me to my Go api.

I am wondering how I can get the email from the token. When I inspect my token on jwt.io, I see

{
  "nickname": "xxxxx",
  "name": "xxxxxx@xxxxxx.com",
  "picture": "...........",
  "updated_at": "2023-09-10T18:05:46.705Z",
  "email": "xxxxx@xxxxx.com",
  "email_verified": false,
  "iss": "........",
  "aud": ".............",
  "iat": 1694370629,
  "exp": 1694372429,
  "sub": "auth0|............",
  "sid": ".........",
  "nonce": "........"
}

Here’s my Go code-

type CustomClaims struct {
	Scope string `json:"scope"`
}

// Validate does nothing for this example, but we need
// it to satisfy validator.CustomClaims interface.
func (c CustomClaims) Validate(ctx context.Context) error {
	return nil
}

// EnsureValidToken is a middleware that will check the validity of our JWT.
func (h *Http) EnsureValidToken(next http.Handler) http.Handler {

	middleware := jwtmiddleware.New(
		h.jwtValidator.ValidateToken,
		jwtmiddleware.WithErrorHandler(h.jwtErrorHandler),
	)

	return middleware.CheckJWT(next)
}

Unfortunately here’s the JSON of what I get when I check what is added to the context -

{
    "CustomClaims": {
        "email": "",
        "scope": "openid profile email"
    },
    "RegisteredClaims": {
        "iss": ".........",
        "sub": "auth0|...........",
        "aud": [
            "com.myapp.api",
            "......../userinfo"
        ],
        "exp": 1694372429,
        "iat": 1694370629
    }
}

tyf · September 12, 2023, 10:38pm

Hey @KLP welcome to the community!

Thanks for the detailed description of what you’re seeing

KLP:

{
  "nickname": "xxxxx",
  "name": "xxxxxx@xxxxxx.com",
  "picture": "...........",
  "updated_at": "2023-09-10T18:05:46.705Z",
  "email": "xxxxx@xxxxx.com",
  "email_verified": false,
  "iss": "........",
  "aud": ".............",
  "iat": 1694370629,
  "exp": 1694372429,
  "sub": "auth0|............",
  "sid": ".........",
  "nonce": "........"
}

This is a decoded ID token whereas the token in your Go code is an access token - Are you adding email as a custom claim to the access token? If not, I believe that should do the trick. You’ll need to add it using a post-login action, something like:

exports.onExecutePostLogin = async (event, api) => {
  if (event.authorization) {
    api.accessToken.setCustomClaim('email', event.user.email);
  }
}

The email claim is not added to access tokens by default.

Keep us posted!

system · December 22, 2023, 11:50pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Getting User Information Using Go API Authorization Get Help jwt , go	3	4384	February 22, 2022
I am not getting email from my accessToken JWT.io jwt , auth0 , api , rules	2	1352	March 29, 2023
How to get Claims - email from JWT Get Help jwt , auth0 , api	7	5098	March 31, 2022
Go-jwt-middleware CustomClaims validation type failure Get Help apis , application	3	1216	October 3, 2023
Can't get machine token with correct permisson Get Help user-profile , user-management	2	311	February 16, 2024

Using Go to check tokens, how can I get the email address?

Related topics