Server-side currentUser email

dnprock · June 14, 2020, 5:55am

I’m using Auth0 for authentication. I’m trying to find currentUser.email field. I want to save this email for potential future migration. It looks like the object does not have the email field. Here’s an example data for currentUser:

{
  iss: 'https://dev-4-ozihdc.auth0.com/',
  sub: 'auth0|5ee53543e4647b00137025dd',
  aud: [
    'https://dev-4-ozihdc.auth0.com/api/v2/',
    'https://dev-4-ozihdc.auth0.com/userinfo'
  ],
  iat: 1592079735,
  exp: 1592166135,
  azp: 'RFI3tsaUePpAMtVv9u3Td07eejT6BTiL',
  scope: 'openid profile email'
}

I see the email field in currentUser on the client-side, but not the server-side. How do I retrieve it on the server-side?

peterp · June 14, 2020, 6:36am

You can add it to the jwt by using Auth0’s rules as described over here: Email address missing in access token when using Google Cloud Endpoint? - #5 by kmm - Auth0 Community

We should probably add this to the Redwood’s Auth docs!

dnprock · June 15, 2020, 6:25am

@peterp thanks very much. I figured it out now. It is confusing as the rule needs to be added inside Auth0 Auth Pipeline. I was trying to add it into getCurrentUser function.

thedavid · June 15, 2020, 10:52pm

Potentially related with a different take on the setup (just fyi):

fmiranda · May 22, 2023, 8:03pm

Update 2023

Auth0 is deprecating Rules and Hooks:

Beginning on October 16, 2023, Rules and Hooks functionality will not be present in newly-created tenants. Any tenants created before this date will continue to have access to Rules and Hooks until the EOL date of November 18, 2024.

The way to resolve this using Auth0 provider would be using Actions.

Log in to the Auth0 Management Dashboard (https://manage.auth0.com) and navigate to your Auth0 tenant.
In the left-hand sidebar, click on “Actions > Flows > Login” to access the Actions dashboard.
Click on the “+ New Action” button to create a new Action.
Give the Action a meaningful name, such as “Add email”
In the Action editor, paste the following code:


exports.onExecutePostLogin = async (event, api) => {
  const namespace = 'https://your-domain.com';
  const  email = event.user.email;

  if (event.authorization) {
    // Set claims 
    api.idToken.setCustomClaim(`${namespace}/email`, email);
    api.accessToken.setCustomClaim(`${namespace}/email`, email);
  }
};

Click on Deploy
Very important Go back to “Actions > Flows > Login” and drag your new action to the pipeline (see image).

After that, you will be able to get the user email from Redwood server side:

#
# Any service on api/src/services
#
export const myService = async () => {
  console.log(context.currentUser)
  ....
}

# ANSWER:

{
  'https://your-domain.com/email': 'username@userdomain.com',
   iat: 1645784773,
   exp: 1684741173,
   azp: 'CKvvKgXjESg62we3uNjSonlkvEZQX7Ns',
   scope: 'openid profile email'
   ...
}