How to get email from access token

How do we get user’s email from access token? I see that we can get following information from the access token claims. Is there a way to get user’s email?

Jwt jwt = jwtVerifier.decodeAccessToken(accessToken);

for (String key : jwt.getClaims().keySet()) {

System. out.println(key + ": " + jwt.getClaims().get(key));

}

aud: [api://default]
uid: 00ugXXXXXXYn0h7
scp: [“openid”,“email”]
sub: Dip Das
ver: 1
app_spec: app_version:12345
iss: https://xxx.oktapreview.com/oauth2/default
exp: Mon Oct 15 15:29:40 PDT 2018
iat: Mon Oct 15 14:29:40 PDT 2018
jti: AT.X3hne6gTnS4236cAnMk_9HYz964WAA_6uippyD0O0fY
cid: 0oagmXXXXXXt5u0h7

I don’t think you can get it from the access token, but you should be able to get it from the /userinfo endpoint (which you can call with the access token). If you parse an ID token with JWT Verifier, you should be able to get it from that too.

Hey @ddas72!

By default the access token subject (sub) will be the username or if null clientId (in OAuth flows that do not contain a user context). And by default Okta username’s are email addresses. Both of these options are configurable though.

You can also add custom claims to your access token in the Admin console, for adding an email, it would look something like this:

1 Like