How to get lastLogin, created, passwordChanged user attributes with React and okta-auth-js?

zsc · February 11, 2020, 4:24pm

I am trying to access some basic user attributes from a React app and okta-auth-js, as seen in the description of the User Model

{
  "id": "00ub0oNGTSWTBKOLGLNR",
  "status": "ACTIVE",
  "created": "2013-06-24T16:39:18.000Z",
  "activated": "2013-06-24T16:39:19.000Z",
  "statusChanged": "2013-06-24T16:39:19.000Z",
  "lastLogin": "2013-06-24T17:39:19.000Z",
  "lastUpdated": "2013-06-27T16:35:28.000Z",
  "passwordChanged": "2013-06-24T16:39:19.000Z",
    // ...
}

I started with only sub, email and email_verified. I configured Okta with scope: 'openid profile', and following this answer, I added user as a claim:

However all I get are normal user attributes, such as given_name, locale, or the extended profile attributes such as city, employeeNumber, manager and so on.

I read in this old StackOverflow question that a GET request to my endpoint will give me the information I want, but I am not fetching manually, I am using this getUser function instead:

async getUser() {
    const accessToken = await this._oktaAuth.tokenManager.get('accessToken');
    const idToken = await this._oktaAuth.tokenManager.get('idToken');
    if (accessToken && idToken) {
      const userinfo = await this._oktaAuth.token.getUserInfo(accessToken);
      if (userinfo.sub === idToken.claims.sub) {
        // Only return the userinfo response if subjects match to
        
        // mitigate token substitution attacks
        return userinfo
      }
    }
    return idToken ? idToken.claims : undefined;
  }

How do I get lastLogin, created, passwordChanged user attributes?

Thank you!

andrea · February 11, 2020, 4:40pm

As you surmised, the getUserInfo method sends the access token you provide to the /userinfo endpoint to get information about their claims, so the only information you will be returned would be the custom claims you configured as well as any of the user claims that are associated with the ‘openid’ and ‘profile’ scopes requested, as documented in this list.

The information you want is, as mentioned in that StackOverflow post, available by making a GET request to the /users endpoint which you can make from your application’s back-end. You can do this manually or use one of the management SDKs, such as the Node.js SDK.

zsc · February 11, 2020, 7:41pm

Thank you, @andrea. I had some trouble with okta-sdk-nodejs since it does not work with Next.js, but I managed to call the getUser from it and get the data I wanted.

system · January 23, 2024, 8:31pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
[ReactJS] oktaAuth.token.getUserInfo returns limited set of user properties Questions reactjs	2	4992	December 15, 2020
Adding lastLogin timestamp to an Access Tokens claims via expression language Questions	2	1226	February 21, 2024
React - Okta API /userinfo and returning a user metadata API api , react	2	4249	December 18, 2020
Trying to get a unique ID for authenticated users OAuth/OIDC nodejs , reactjs	4	12824	February 15, 2018
How to get user info from Okta, other than name, surname and email? OAuth/OIDC	2	16522	January 21, 2019

How to get lastLogin, created, passwordChanged user attributes with React and okta-auth-js?

Related topics