User Profile
User object
After login, the user object from `useAuth` contains two parts:

```tsx
const { user } = useAuth();

// Claims from the ID token (always available after login)
user?.claims.sub; // Subject identifier
user?.claims.iss; // Issuer
user?.claims.aud; // Audience
user?.claims.exp; // Expiration (Unix timestamp)
user?.claims.iat; // Issued at (Unix timestamp)

// Profile from the UserInfo endpoint (fetched separately)
user?.profile?.email;
user?.profile?.name;
user?.profile?.preferred_username;
```

Claims vs Profile
- Claims come from the ID token. They’re decoded locally (no network request) and contain identity assertions from the IdP.
- Profile comes from the UserInfo endpoint (`GET /userinfo`). It requires a network request with the access token and contains the full user profile.

Controlling profile fetching
By default, `AuthProvider` fetches the user profile after login. You can disable this:

```tsx
<AuthProvider config={config} fetchProfile={false}>
  <App />
</AuthProvider>
```

When `fetchProfile` is `false`:

- `user.claims` is still available (decoded from the ID token)
- `user.profile` is `null`
- No request is made to the UserInfo endpoint

This is useful when you only need the `sub` claim for API calls and don’t need display information.

Manually fetching the profile
If you disabled automatic profile fetching, you can fetch it on demand:

```tsx
const { user, actions } = useAuth();

async function loadProfile() {
  await actions.fetchProfile();
  // user.profile is now populated
}
```

Available profile fields
The profile fields depend on the scopes you requested and what the IdP returns:

| Scope | Fields |
|---|---|
| `openid` | `sub` |
| `profile` | `name`, `preferred_username`, `picture`, etc. |
| `email` | `email`, `email_verified` |
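
The claims/profile split above matters when deciding which fields to trust for display. The following is an added example, not code from this library: `resolveIdentity`, `NOW` and the sample users are hypothetical, and it assumes `user.profile` carries the standard `sub` and `email_verified` fields listed in the table.

```javascript
// Added example: plain helper, independent of the auth library.
// Input shape assumed from this page: { claims: {...}, profile: {...} | null }.

// Returns a display-safe view of the user, or null if the session
// should be treated as signed out.
function resolveIdentity(user, nowMs = Date.now()) {
  if (!user || !user.claims || typeof user.claims.sub !== "string") return null;
  const { claims, profile } = user;

  // exp is a Unix timestamp in seconds; Date.now() is in milliseconds.
  if (typeof claims.exp !== "number" || claims.exp * 1000 <= nowMs) return null;

  const identity = { sub: claims.sub, name: null, email: null, profileTrusted: false };

  // fetchProfile={false} leaves profile null: claims only.
  if (!profile) return identity;

  // OIDC Core 5.3.2: the UserInfo sub must exactly match the ID token sub,
  // otherwise the UserInfo values must not be used.
  if (profile.sub !== claims.sub) return identity;

  identity.profileTrusted = true;
  identity.name = profile.name ?? profile.preferred_username ?? null;
  // Only surface the address once the IdP asserts it is verified.
  if (profile.email_verified === true && typeof profile.email === "string") {
    identity.email = profile.email;
  }
  return identity;
}

// Constructed sample data (not real tokens or accounts).
const NOW = 1_700_000_000_000;
const sampleClaims = { sub: "user-123", iss: "https://idp.example", aud: "my-app", exp: 1_700_003_600, iat: 1_700_000_000 };
const samples = {
  claimsOnly: { claims: sampleClaims, profile: null },
  verified: { claims: sampleClaims, profile: { sub: "user-123", name: "Ada", email: "ada@example.com", email_verified: true } },
  unverified: { claims: sampleClaims, profile: { sub: "user-123", preferred_username: "ada", email: "ada@example.com", email_verified: false } },
  subMismatch: { claims: sampleClaims, profile: { sub: "user-999", name: "Mallory", email: "m@example.com", email_verified: true } },
  expired: { claims: { ...sampleClaims, exp: 1_699_999_999 }, profile: null },
};

for (const [label, user] of Object.entries(samples)) {
  console.log(label, resolveIdentity(user, NOW));
}
```

Checks like these only govern what the client displays; an API that receives the access token still has to validate it server-side.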