Improve options to get user's email address after sign up / authentication #1013

Open
2 tasks done
FlxMgdnz opened this issue Sep 11, 2023 · 4 comments
Labels
enhancement New feature or request go Pull requests that update Go code

Comments

@FlxMgdnz
Member

FlxMgdnz commented Sep 11, 2023

Checklist

  • I could not find a solution in the existing issues or docs.
  • I agree to follow this project's Code of Conduct.

Description

Currently, the only way to get a (new) user's email is through user.getCurrent provided by the frontend-sdk. It seems that this is not immediately clear when using Hanko.

When building an integration with Hanko, the email address is basically always required to do the check if a user is new and needs to be created in the app, or if it's an existing user.

Let's think about improving this situation by maybe including the (primary) email address in relevant events such as onAuthFlowCompleted or even add the email claim to the jwt (seems like this is the most desired approach).

Describe your ideal solution

No response

Workarounds or alternatives

No response

Hanko Version

0.8.3

Additional Context

No response

@FlxMgdnz FlxMgdnz added the enhancement New feature or request label Sep 11, 2023
@nikitavoloboev

> even add the email claim to the jwt

If this has no security risk, I don't think it should. I would really appreciate this addition.

I would like to just send the Hanko token to my backend endpoints and instantly decode the user email inside the token without doing any further calls to Hanko servers.

Or do what I plan to do now and have to store user email in local storage after sign up happens. Then send user email with every single request alongside the token. Then if at any point, hanko token is expired, in front end, I clear the local storage, then tell users to auth again to get both the token and user email into local storage.

If I could just send the token in Authorization header to endpoints and then decode email from token only, it would simplify the app quite a lot.

@birdlavv

Having the user's primary email in the JWT would be very useful for backend user validation. Having to make a secondary, synchronous request to convert the payload.sub to a verified email loses all of the stateless benefits of JWTs.

Getting a user's verified email seems like a popular enough use case to justify the added JWT payload weight. Perhaps this could be enabled via an admin configuration option to populate the JWT with an email field?

@like-a-bause
Collaborator

> When building an integration with Hanko, the email address is basically always required to do the check if a user is new and needs to be created in the app, or if it's an existing user.

You should use the uuid of the user in the JWT's sub field to determine if you already know the user. The primary email address can be changed.
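
An added example, not part of the thread or of Hanko's code: the same three logins replayed through an application that keys its accounts on the `sub` UUID and one that keys them on the email address. It assumes the JWT was already verified upstream and models the proposed email claim as a plain string; `Claims`, `Account`, `App`, `Login` and `Replay` are hypothetical names and the logins are constructed sample data.

```go
package main

import "fmt"

// Claims are values from a Hanko JWT that was already verified upstream
// (assumption). Email models the claim proposed in this thread.
type Claims struct{ Sub, Email string }

// Account is a hypothetical application-side user record.
type Account struct{ HankoID, Email string }

// App stores accounts under whichever claim keyOf selects as the identity.
type App struct {
	keyOf    func(Claims) string
	accounts map[string]*Account
}

func NewApp(keyOf func(Claims) string) *App {
	return &App{keyOf: keyOf, accounts: map[string]*Account{}}
}

func BySub(c Claims) string   { return c.Sub }   // stable UUID
func ByEmail(c Claims) string { return c.Email } // can change over time

// Login returns the account the claims resolve to and whether it was created.
// The stored email is refreshed from the verified claims on every login.
func (a *App) Login(c Claims) (*Account, bool) {
	acct, known := a.accounts[a.keyOf(c)]
	if !known {
		acct = &Account{HankoID: c.Sub}
		a.accounts[a.keyOf(c)] = acct
	}
	acct.Email = c.Email
	return acct, !known
}

// Replay runs three constructed logins: a sign-up, the same user after a
// primary-email change, and a different user who now holds the old address.
// It reports whether login 2 created a duplicate account and whether
// login 3 resolved to the record created by login 1.
func Replay(a *App) (duplicate, mixedUp bool) {
	first, _ := a.Login(Claims{Sub: "uuid-1", Email: "old@example.com"})
	_, duplicate = a.Login(Claims{Sub: "uuid-1", Email: "new@example.com"})
	third, _ := a.Login(Claims{Sub: "uuid-2", Email: "old@example.com"})
	return duplicate, third == first
}

func main() {
	fmt.Println(Replay(NewApp(BySub)))   // false false
	fmt.Println(Replay(NewApp(ByEmail))) // true true
}
```

With `BySub` the email is only an attribute that gets refreshed on login, so an email claim in the token stays useful without ever deciding which account a request belongs to.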

@FlxMgdnz FlxMgdnz added go Pull requests that update Go code Hacktoberfest Suited for Hacktoberfest contributions and removed Hacktoberfest Suited for Hacktoberfest contributions labels Oct 2, 2023
@FlxMgdnz
Member Author

FlxMgdnz commented Oct 4, 2023

A good solution would be to include the user object in onAuthFlowCompleted

Projects
Status: 🔖 Up next
Development

No branches or pull requests

4 participants