So I know how to create tokens and how to read tokens, but I am running into an issue with getting the User_Metadata from the users I created in Auth0 (without logging them in from my application).

What I am trying to do is this:

  1. User somewhere with a device logs into Auth0 and generates a JWT Token
  2. User now calls my API and passes Bearer with token in header
  3. I read Bearer and Authenticate that the token is good. I then want to pull the user information from the token to use to make sure they have rights to do something.

I am not wanting a 2nd database that holds user information that they will need to log into my API so I know who they are. I just want to be able to use the JWT Token to get that information. Right now when I create a token I have this in the Payload:

{
  "iss": "https://.....",
  "sub": "RTMLeICuyL1kyeQN@clients",
  "aud": "https://.....",
  "exp": 1494031764,
  "iat": 1493945364,
  "scope": ""
}

If I go to Auth0 User Details tab I can see the user and the user_metadata and app_metadata that I want to return but not sure how to get it. Thanks for any help.

1 Answer

I was not able to get the User Profile data from Auth0 to come in on the JWT Token but I was able to use the client scopes in Auth0 to create the scopes needed to do Authorization. This is still not the best answer but it will allow me to determine if someone has rights to view that object and records.

I will go into more details as I write up an example.
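
The scope-based check the answer describes, as an added example that is not part of the original post: the API verifies the token's signature, pins `iss`, `aud` and `exp`, and then authorizes from the space-delimited `scope` claim, so a token with `"scope": ""` like the payload in the question is denied. It assumes the API is configured for HS256 with a shared secret; the function names, secret, URLs, client id and scope names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, secret):
    """Build a constructed HS256 token so the example runs offline."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_sign(f'{head}.{body}', secret))}"

def authorize(token, secret, issuer, audience, required_scope, now=None):
    """Return the verified claims, or raise PermissionError."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header, sig = json.loads(_b64d(head_b64)), _b64d(sig_b64)
        alg = header["alg"]
    except (ValueError, TypeError, KeyError) as exc:
        raise PermissionError("malformed token") from exc
    # Pin the algorithm: never let the token choose it (rejects "none").
    if alg != "HS256":
        raise PermissionError("unexpected alg")
    if not hmac.compare_digest(sig, _sign(f"{head_b64}.{body_b64}", secret)):
        raise PermissionError("bad signature")
    claims = json.loads(_b64d(body_b64))  # read only after the signature check
    now = time.time() if now is None else now
    aud = claims.get("aud")
    if claims.get("iss") != issuer or audience not in (aud if isinstance(aud, list) else [aud]):
        raise PermissionError("wrong issuer or audience")
    if claims.get("exp", 0) <= now:
        raise PermissionError("token expired")
    # "scope" is a space-delimited string; an empty one grants nothing.
    if required_scope not in claims.get("scope", "").split():
        raise PermissionError("missing scope: " + required_scope)
    return claims

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed value, not a real key
    iss, aud = "https://tenant.example/", "https://api.example/"
    claims = {"iss": iss, "sub": "constructed-client-id@clients", "aud": aud,
              "exp": int(time.time()) + 3600, "scope": "read:records"}
    print(authorize(make_token(claims, secret), secret, iss, aud, "read:records"))
```
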