Reputation: 1033
I am using Auth0 for Google Authentication for my React App. Login is working successfully and I am getting an access token using the getTokenSilently of the auth0-spa-js. But this token does not have the user email or name.
const { getTokenSilently } = useAuth0();
getTokenSilently().then((t: any) => {
  // t is the token
});
This has the following claims:
{
  "iss": "https://testauth0.auth0.com/",
  "sub": "google-oauth2|<id>",
  "aud": [
    "test1",
    "https://testauth0.auth0.com/userinfo"
  ],
  "iat": 1567615944,
  "exp": 1567702344,
  "azp": "<>",
  "scope": "openid profile email"
}
How can I request email and name to be part of the token? Do I need to pass any parameters to getTokenSilently?
I will be using this token to call an API and I need the email address. An alternative I see is to use the id that is part of the "sub" claim but email is much easier.
Thank you for your help.
Update: I am able to get user info in the API using the userinfo endpoint (part of the aud claim). I would love to avoid this extra call.
Upvotes: 1
Views: 2552
Reputation: 59
AuthorizationTokenRequest(
  AUTH0_CLIENT_ID,
  AUTH0_REDIRECT_URI,
  issuer: 'https://$AUTH0_DOMAIN',
  scopes: <String>['openid', 'email', 'profile'],
),
Upvotes: 1
Reputation: 144
Adding to dan-woda's answer, we need to first add the required information in the claims, here in this case to the access token.
This can be done using a rule.
e.g.
function (user, context, callback) {
  context.accessToken["http://mynamespace/user_email"] = user.email;
  callback(null, user, context);
}
Check out the samples given for an example of adding to the ID token.
Upvotes: 0
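The rule above puts the email into a namespaced claim of the access token, and the API must verify the token before trusting that claim. The following is an added example (not part of the original answer and not Auth0's code) of that API-side check using only Node's crypto module. The key pair, sample token and email value are constructed here; in a real API the public key would come from the tenant's published signing keys.

```javascript
const crypto = require("crypto");

const ISSUER = "https://testauth0.auth0.com/";        // issuer from the question's token
const AUDIENCE = "test1";                             // API audience from the question's token
const EMAIL_CLAIM = "http://mynamespace/user_email";  // claim name set by the rule above
const b64url = (data) => Buffer.from(data).toString("base64url");

// Verify an RS256 access token and return the email claim; throws on any failure.
function emailFromAccessToken(token, publicKey, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
  // Pin the algorithm: the token must not choose how it is verified.
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const signed = Buffer.from(`${h}.${p}`);
  const ok = crypto.verify("RSA-SHA256", signed, publicKey, Buffer.from(s, "base64url"));
  if (!ok) throw new Error("bad signature");
  const claims = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  if (claims.iss !== ISSUER) throw new Error("wrong issuer");
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(AUDIENCE)) throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  const email = claims[EMAIL_CLAIM];
  if (typeof email !== "string") throw new Error("email claim missing");
  return email;
}

// Constructed sample: a throwaway key pair stands in for the tenant's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
function signSample(claims) {
  const h = b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }));
  const p = b64url(JSON.stringify(claims));
  const s = crypto.sign("RSA-SHA256", Buffer.from(`${h}.${p}`), privateKey);
  return `${h}.${p}.${b64url(s)}`;
}
const sampleClaims = {
  iss: ISSUER, sub: "google-oauth2|<id>",
  aud: [AUDIENCE, "https://testauth0.auth0.com/userinfo"],
  iat: 1567615944, exp: 1567702344,
  scope: "openid profile email",
  [EMAIL_CLAIM]: "user@example.com", // constructed value
};
const sampleToken = signSample(sampleClaims);
```

The email is only returned after the signature, issuer, audience and expiry checks pass, so a token with an edited payload or one issued for a different API never reaches the claim lookup.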
Reputation: 668
You should be able to get the id token via auth0.getIdTokenClaims(). This will have the user profile.
Upvotes: 1
Reputation: 3571
From Google's OpenId Connect documentation (https://developers.google.com/identity/protocols/OpenIDConnect):
Obtaining user profile information
To obtain additional profile information about the user, you can use the access token (which your application receives during the authentication flow) and the OpenID Connect standard:
To be OpenID-compliant, you must include the openid profile scope in your authentication request.
If you want the user’s email address to be included, you can optionally request the openid email scope. To specify both profile and email, you can include the following parameter in your authentication request URI:
scope=openid%20email%20profile
Add your access token to the authorization header and make an HTTPS GET request to the userinfo endpoint, which you should retrieve from the Discovery document using the key userinfo_endpoint. The response includes information about the user, as described in OpenID Connect Standard Claims. Users may choose to supply or withhold certain fields, so you might not get information for every field to which your scopes request access.
There's no way to avoid this extra call as you name it.
Upvotes: 0