How do we get user’s email from access token? I see that we can get following information from the access token claims. Is there a way to get user’s email?
I don’t think you can get it from the access token, but you should be able to get it from the /userinfo endpoint (which you can call with the access token). If you parse an ID token with JWT Verifier, you should be able to get it from that too.
By default the access token subject (sub) will be the username or if null clientId (in OAuth flows that do not contain a user context). And by default Okta username’s are email addresses. Both of these options are configurable though.
You can also add custom claims to your access token in the Admin console, for adding an email, it would look something like this: