What is Inside a Login Token?

Q: I am using AngularJS. I am successfully using Social Login and getting a token. How do I get details on the user, user id, etc.?


A: The login token itself contains many of the user’s attributes, using JWT encoding. For client-side JS, like Angular, you can simply decode the JWT with verification mode turned off (which is fine, since it’s client-side). Alternatively, you can use RS256 verification inside the browser.

The payload we include inside the JWT is documented at: Login Tokens – see “What’s inside a JWT”.

If you’re also sending data back to a server, then you can simply send the original JWT along with the user’s request to the server (using a header, basic-auth, or any other method you choose). In this case, you will want to validate the token on the server using the JWT secret (available in our UI under: Realms -> Settings) to make sure it hasn’t been tampered with.

Tagged with: jwt social auth

Questions? Find a Typo? Get in touch.