ANyway, what you want to do is one of the following: - Store the user info inside the access token payload (there is a section in the docs in "common customisations > session" for this). The contents of this can then be accessed via `getAccessTokenPayloadSecurely`; OR - You can create an API that does session verification and sends the relevant info to the frontend. Do not send the user ID to the API - always only use the session to identify the user on the backend.