User details in ID token
The User Details in ID Token setting controls whether personally identifiable information (PII) such as email, name, and profile picture is included in the JWT identity token issued by Embedded Wallets.
Web SDK v11 (@web3auth/modal for JavaScript, React, and Vue) also surfaces a richer user object that includes linked accounts and authentication methods across every wallet the user has connected, not just the one they used to sign in.
Richer user object (Web SDK v11)
When you call getUserInfo() or use useWeb3AuthUser, the returned UserInfo object can include a linkedAccounts array.
Each entry describes a wallet linked to the same Embedded Wallets user:
| Field | Description |
|---|---|
| id | Linked account identifier |
| isPrimary | Whether this is the user's primary account |
| eoaAddress | Externally owned account address |
| aaAddress | Smart account address, if configured |
| connector | Connector name for this account |
| active | Whether this account is the active connection |
```jsx
import { useWeb3AuthUser } from '@web3auth/modal/react'

// Lists every wallet linked to the signed-in user and marks the active one.
function UserProfile() {
  const { userInfo } = useWeb3AuthUser()

  return (
    <div>
      <p>Primary login: {userInfo?.typeOfLogin}</p>
      <ul>
        {userInfo?.linkedAccounts?.map(account => (
          <li key={account.id}>
            {account.eoaAddress} ({account.connector}){account.active ? ' (active)' : ''}
          </li>
        ))}
      </ul>
    </div>
  )
}
```
Use this object to unify analytics, CRM records, and support tooling under one user ID. See Multi-wallet linking and switching for linking and switching APIs.
The dashboard User management section lists users and their linked accounts for your project. See Access control.
ID token configuration
Navigate to Project Settings → Advanced → User details and choose one of three modes:
| Mode | Additional claims in token |
|---|---|
| Disabled | None — only sub, wallet_address, standard JWT fields |
| Email only (userIdentifier: email) | email |
| Enabled (all PII) | email, name, picture, provider fields |
The sub (user identifier), wallet_address, aud, exp, and iat claims are always present regardless of this setting.
Reading the token
Retrieve the identity token using getIdentityToken():
```javascript
const { idToken } = await web3auth.getIdentityToken()
```
The returned idToken is a signed JWT. Verify it server-side using the JWKS endpoint or project verification key before trusting any claims.
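One way to perform that server-side check, as an added example that is not code from the Embedded Wallets documentation or SDK. It assumes ES256-signed tokens and an inline JWKS object standing in for the key set you would load from your project's JWKS endpoint; the key pair, `kid`, client ID and token are constructed, and `verifyIdToken`, `signDemoToken` and `rejection` are hypothetical helper names.

```javascript
// Added example: verify the ID token before reading any claim from it.
// Assumptions: ES256 signatures and an inline JWKS; key, kid, client id and token are constructed.
const nodeCrypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');

function verifyIdToken(token, jwks, expectedAud, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm: never let the token header choose how it is verified.
  if (header.alg !== 'ES256') throw new Error('unexpected alg');
  const jwk = jwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) throw new Error('unknown kid');
  const ok = nodeCrypto.verify('sha256', Buffer.from(`${h}.${p}`),
    { key: nodeCrypto.createPublicKey({ key: jwk, format: 'jwk' }), dsaEncoding: 'ieee-p1363' },
    Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  // Claims are trusted only from here on, and only for this project and time window.
  if (claims.aud !== expectedAud) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  return claims;
}

// --- Constructed fixture: a local key pair stands in for the token issuer ---
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const JWKS = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'demo-key-1' }] };
const CLIENT_ID = 'demo-client-id';

function signDemoToken(payload, header = { alg: 'ES256', typ: 'JWT', kid: 'demo-key-1' }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const sig = nodeCrypto.sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${input}.${sig.toString('base64url')}`;
}

// Returns the error message for a rejected token, or null if it was accepted.
function rejection(token, now) {
  try { verifyIdToken(token, JWKS, CLIENT_ID, now); return null; } catch (e) { return e.message; }
}

const base = { sub: 'google|user_unique_id', aud: CLIENT_ID, iat: 1000, exp: 2000, email: 'user@example.com' };
const good = signDemoToken(base);
// Same header and signature, but the payload was edited after signing to swap the email claim.
const [gh, , gs] = good.split('.');
const tampered = `${gh}.${b64url(JSON.stringify({ ...base, email: 'other@example.com' }))}.${gs}`;
console.log(verifyIdToken(good, JWKS, CLIENT_ID, 1500).email, '|', rejection(tampered, 1500));
```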
Sample token payloads
Disabled — minimal claims only:
```json
{
  "sub": "google|user_unique_id",
  "wallet_address": "0x1234...abcd",
  "aud": "<YOUR_CLIENT_ID>",
  "exp": 1640995200,
  "iat": 1640908800
}
```
Enabled — full PII included:
```json
{
  "sub": "google|user_unique_id",
  "wallet_address": "0x1234...abcd",
  "aud": "<YOUR_CLIENT_ID>",
  "exp": 1640995200,
  "iat": 1640908800,
  "email": "user@example.com",
  "name": "Jane Doe",
  "picture": "https://profile-pics.example.com/user.jpg",
  "provider": "google"
}
```
Privacy considerations
Only enable PII in tokens when your dapp needs it. Ensure your privacy policy discloses what user data you process. For GDPR-regulated users, obtain explicit consent before persisting any PII sourced from the token.
Next steps
- Session management — control session lifetime
- Key export settings — control private key export permissions
- Project settings — general project configuration