How to get lastLogin, created, passwordChanged user attributes with React and okta-auth-js?

I am trying to access some basic user attributes from a React app and okta-auth-js, as seen in the description of the User Model

{
  "id": "00ub0oNGTSWTBKOLGLNR",
  "status": "ACTIVE",
  "created": "2013-06-24T16:39:18.000Z",
  "activated": "2013-06-24T16:39:19.000Z",
  "statusChanged": "2013-06-24T16:39:19.000Z",
  "lastLogin": "2013-06-24T17:39:19.000Z",
  "lastUpdated": "2013-06-27T16:35:28.000Z",
  "passwordChanged": "2013-06-24T16:39:19.000Z",
    // ...
}

I started with only sub, email and email_verified. I configured Okta with scope: 'openid profile', and following this answer, I added user as a claim:

However all I get are normal user attributes, such as given_name, locale, or the extended profile attributes such as city, employeeNumber, manager and so on.

I read in this old StackOverflow question that a GET request to my endpoint will give me the information I want, but I am not fetching manually, I am using this getUser function instead:

async getUser() {
    const accessToken = await this._oktaAuth.tokenManager.get('accessToken');
    const idToken = await this._oktaAuth.tokenManager.get('idToken');
    if (accessToken && idToken) {
      const userinfo = await this._oktaAuth.token.getUserInfo(accessToken);
      if (userinfo.sub === idToken.claims.sub) {
        // Only return the userinfo response if subjects match to
        
        // mitigate token substitution attacks
        return userinfo
      }
    }
    return idToken ? idToken.claims : undefined;
  }

How do I get lastLogin, created, passwordChanged user attributes?

Thank you!

As you surmised, the getUserInfo method sends the access token you provide to the /userinfo endpoint to get information about their claims, so the only information you will be returned would be the custom claims you configured as well as any of the user claims that are associated with the ‘openid’ and ‘profile’ scopes requested, as documented in this list.

The information you want is, as mentioned in that StackOverflow post, available by making a GET request to the /users endpoint which you can make from your application’s back-end. You can do this manually or use one of the management SDKs, such as the Node.js SDK.

1 Like

Thank you, @andreaskouras. I had some trouble with okta-sdk-nodejs since it does not work with Next.js, but I managed to call the getUser from it and get the data I wanted.