英文:
How to include user details in Access Token JWT Payload while implementing Auth Code Flow with PKCE with auth0?
问题
I'm trying to work through implementing an Auth Code Flow with PKCE in a personal web application, and I'm stuck, so any help would be appreciated. The goal of the website is for a user to login (with OAuth2 from Auth0), and perform CRUD operations on some records which only the user has access to. The app is a React SPA with an express backend. The flow I'm trying to implement right now is:
- User authenticates via frontend: Login via OAuth to retrieve Auth Code
- We exchange Auth Code for an access token, set it as the Authorization header Bearer token
- On the client, user creates a resource via POST call to server: On the backend, we validate the access token.
- On the backend, we determine WHO the resource is; this is critical because I need to know which records belong to this user (this is basically where I'm stuck)
- Record is created with that user's email_address as one of the columns
Right now the only way I know how to implement 4. is by having my server call this GET /userinfo API from auth0: https://auth0.com/docs/api/authentication#user-profile. This allows me to get the email from the user's profile, but the HTTP call sometimes takes quite long (~500ms), and it just feels wrong to have to do this for every CUD operation.
I thought there would be a way to have user information included as a claim in the Access Token. I tried fiddling around with different scope values in my request for the Auth token, but none of them change the properties in the JWT's payload.
I would greatly appreciate anyone who takes the time to read this and perhaps provides a solution, thanks.
英文:
I'm trying to work through implementing an Auth Code Flow with PKCE in a personal web application, and I'm stuck, so any help would be appreciated. The goal of the website is for a user to login (with OAuth2 from Auth0), and perform CRUD operations on some records which only the user has access to. The app is a React SPA with an express backend. The flow I'm trying to implement right now is:
- User authenticates via frontend: Login via OAuth to retrieve Auth Code
- We exchange Auth Code for an access token, set it as the Authorization header Bearer token
- On the client, user creates a resource via POST call to server: On the backend, we validate the access token.
- On the backend, we determine WHO the resource is; this is critical because I need to know which records belong to this user (this is basically where I'm stuck)
- Record is created with that user's email_address as one of the columns
Right now the only way I know how to implement 4. is by having my server call this GET /userinfo API from auth0: https://auth0.com/docs/api/authentication#user-profile. This allows me to get the email from the user's profile, but the HTTP call sometimes takes quite long (~500ms), and it just feels wrong to have to do this for every CUD operation.
I thought there would be a way to have user information included as a claim in the Access Token. I tried fiddling around with different scope values in my request for the Auth token, but none of them change the properties in the JWT's payload.
I would greatly appreciate anyone who takes the time to read this and perhaps provides a solution, thanks.
答案1
得分: 1
解决方案是向我的访问令牌添加一个包含电子邮件的自定义声明:
https://auth0.com/docs/secure/tokens/json-web-tokens/create-custom-claims
英文:
Solution was to add a custom claim to my Access Token containing the email:
https://auth0.com/docs/secure/tokens/json-web-tokens/create-custom-claims
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论