K
Kinde3mo ago
Ɇ₦ĐɆⱤV₳₥₱łⱤɆ

Including the user's username in the Access Token

Title :p I don't want to have to hit the Kinde API to retrieve the user's username. Additionally, it would be nice if getUser or getUserProfile included that info.
6 Replies
Stephen
Stephen3mo ago
You can do this by customising the access token. (Go to your Kinde app in the admin portal and click on Tokens, and then 'Customize'. The UI shows 0 properties enabled even if you enable things, but I believe that this is just a visual bug. The email address will appear in the access token claims
No description
Stephen
Stephen3mo ago
I'm assuming that by 'username' you mean email address with this, but if you're using Username + code (which I'm not), then it might be a different claim you need to enable
Ɇ₦ĐɆⱤV₳₥₱łⱤɆ
Ɇ₦ĐɆⱤV₳₥₱łⱤɆOP3mo ago
I meant username + code auth. There is no claim for username hence this post 😛
Abdelrahman Zaki - Kinde
Abdelrahman Zaki - Kinde3mo ago
Hi @Ɇ₦ĐɆⱤV₳₥₱łⱤɆ, the username is already included in the ID token as the preferred_username claim. Do you specifically need it to also be present in the access token, or would using it from the ID token work for your use case?
Ɇ₦ĐɆⱤV₳₥₱łⱤɆ
Ɇ₦ĐɆⱤV₳₥₱łⱤɆOP3mo ago
Access token would be great as well 🙂 My goal here is to keep my database in-sync with the preferred username of the user without unnecessary API calls or anything complex. With preferred_username in the access token I can elect to update my version in the DB during certain api calls (e.g a /users/me endpoint that gets called on app load) Additionally, I checked this last night, but it does not look like the self serve portal allows the user to change their email nor their username (it doesn't even show their username). Are there any plans for that to become self-serve? Additionally, I may have missed the self-serve for MFA and passwords, are those an option that can be enabled for the user to change?
Abdelrahman Zaki - Kinde
Abdelrahman Zaki - Kinde3mo ago
Hi @Ɇ₦ĐɆⱤV₳₥₱łⱤɆ, The best way to include the username in the access token is to use a user:tokens_generation workflow. This lets you fetch the username from the Management API and add it as a custom claim. For self-serve profile management (username, email, password), we’re already working on this. You can subscribe for updates here: Allow self-serve profile management. Self-serve MFA isn’t available yet but is on our roadmap. Let me know if you’d like me to add your request so you’ll be notified when it’s ready.

Did you find this page helpful?