Getting user data on the Frontend

To access user data in your frontend application, use the hanko.getCurrent() method from the hanko-frontend-sdk (also available via hanko-elements). To get the user claims from the JWT, use the hanko.validateSession()function.

"use client";

import { Hanko } from "@teamhanko/hanko-elements";

const hankoApi = <YOUR_HANKO_API_URL>;
const hanko = new Hanko(hankoApi);

// Fetches the current user's profile information
const user = await hanko.getUser();
console.log("User profile:", user);
// Example output:
// {
//   user_id: "123e4567-e89b-12d3-a456-426614174000",
//   emails: [{ address: "user@example.com", is_primary: true, is_verified: true }],
//   username: { id: "f2882293-3c39-451d-a7cb-4cf3375e0c66", username: "johndoe" },
//   created_at: "2025-01-01T10:00:00Z",
//   updated_at: "2025-04-01T12:00:00Z"
// }

// Checks the validity of the current session and returns the user claims
const sessionStatus = await hanko.validateSession();
console.log("Session status:", sessionStatus);
// Example output:
// {
//   is_valid: true,
//   claims: {
//     subject: "123e4567-e89b-12d3-a456-426614174000",
//     session_id: "789abc",
//     expiration: "2025-04-25T12:00:00Z",
//     email: { address: "user@example.com", is_primary: true, is_verified: true },
//     custom_field: "value"
//   }
// }

Getting user data on the Backend

Getting user ID from the JWT

The Hanko API sends back a cookie upon successful authentication, which is then sent to the RP backend for each subsequent request. The cookie contains a JWT. One of the things we can get from this JWT is the user ID. We can use the jose library to decode the value of such a JWT:

import { cookies } from "next/headers";
import * as jose from "jose";

export async function userId() {
  const token = cookies().get("hanko")?.value;
  const payload = jose.decodeJwt(token ?? "");

  const userID = payload.sub;
  return userID;
}

Getting email from the JWT

In addition to the user ID, you can also fetch the current email address, including its verification status and whether it is set as the primary email.

import { cookies } from "next/headers";
import * as jose from "jose";

export async function emailData() {
  const token = cookies().get("hanko")?.value;
  const payload = jose.decodeJwt(token ?? "");

  /* email object looks like:
  {
    address: 'team@hanko.io
    is_primary: true
    is_verified: true
  }
   */
  const emailData = payload.email;
  return emailData;
}

You can refer to JWT Payload Content docs for more information on the JWT payload.

Get user data using the Hanko Admin API

The Hanko Admin API provides detailed information about the status, user management, metrics and more. In this example we will focus on getting the data from a specific user. To get data for a specific user, call the /users/{id} endpoint of the Hanko Admin API, where id is the user id previously obtained from the JWT.

The Hanko Admin API is available in Hanko Pro and Enterprise plans. Check out our pricing page for more information.

You also need an API key secret to access the Hanko Admin API which can be generated under the Settings > API Keys section of your project.

const getUserData = async () => {
  const adminAPI = process.env.ADMIN_API;
  const adminSecret = process.env.ADMIN_SECRET;
  const options = {
    method: "GET",
    headers: {
      Authorization: `Bearer ${adminSecret}`,
    },
  };

  const response = await fetch(`${adminAPI}/users/${userID}`, options);

  return response.json();
};

const userData = await getUserData();
console.log("user data:", userData);