diff --git a/.changeset/wicked-jobs-exist.md b/.changeset/wicked-jobs-exist.md
new file mode 100644
index 0000000..5c5f003
--- /dev/null
+++ b/.changeset/wicked-jobs-exist.md
@@ -0,0 +1,5 @@
+---
+"@saleor/app-sdk": minor
+---
+
+Extended context argument in createProtectedHandler. Now it contains "user" object with email and permissions
diff --git a/docs/protected-handlers.md b/docs/protected-handlers.md
index 4aecd6c..c597334 100644
--- a/docs/protected-handlers.md
+++ b/docs/protected-handlers.md
@@ -15,6 +15,10 @@ First, create handler for your business logic. The only difference from usual Ne
 export type ProtectedHandlerContext = {
 baseUrl: string; // the URL your application is available
 authData: AuthData; // Auth Data which can be used to communicate with the Saleor API
+ user: {
+ email: string;
+ userPermissions: string[];
+ };
 };
 ```
diff --git a/src/handlers/next/process-protected-handler.test.ts b/src/handlers/next/process-protected-handler.test.ts
index 261ccf1..69c3e22 100644
--- a/src/handlers/next/process-protected-handler.test.ts
+++ b/src/handlers/next/process-protected-handler.test.ts
@@ -63,6 +63,10 @@ describe("processSaleorProtectedHandler", () => {
 jwks: mockAPL.mockJwks,
 },
 baseUrl: "https://some-saleor-host.cloud",
+ user: expect.objectContaining({
+ email: expect.any(String),
+ userPermissions: expect.any(Array),
+ }),
 });
 });
diff --git a/src/handlers/next/process-protected-handler.ts b/src/handlers/next/process-protected-handler.ts
index e045b77..22909b1 100644
--- a/src/handlers/next/process-protected-handler.ts
+++ b/src/handlers/next/process-protected-handler.ts
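Review bot: The added `user` matcher in process-protected-handler.test.ts accepts any string and any array, so the test still passes if the handler returns claims that do not belong to the token under test. Pin the expectation to the values carried by the fixture token, e.g. `user: { email: "<email claim of the mock token>", userPermissions: [/* permissions claim of the mock token */] }`, and consider a companion case asserting that no `user` is produced when verification rejects the token. The enclosing `it(...)` block and the token fixture lie outside this hunk, so the exact values have to come from there.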
@@ -5,6 +5,7 @@ import { AuthData } from "../../APL/apl";
 import { createDebug } from "../../debug";
 import { getBaseUrl, getSaleorHeaders } from "../../headers";
 import { Permission } from "../../types";
+import { extractUserFromJwt, TokenUserPayload } from "../../util/extract-user-from-jwt";
 import { verifyJWT } from "../../verify-jwt";
 const debug = createDebug("processProtectedHandler");
@@ -34,6 +35,7 @@ export class ProtectedHandlerError extends Error {
 export type ProtectedHandlerContext = {
 baseUrl: string;
 authData: AuthData;
+ user: TokenUserPayload;
 };
 interface ProcessSaleorProtectedHandlerArgs {
@@ -96,8 +98,11 @@ export const processSaleorProtectedHandler: ProcessAsyncSaleorProtectedHandler =
 throw new ProtectedHandlerError("JWT verification failed: ", "JWT_VERIFICATION_FAILED");
 }
+ const userJwtPayload = extractUserFromJwt(token);
+
 return {
 baseUrl,
 authData,
+ user: userJwtPayload,
 };
 };
diff --git a/src/util/extract-user-from-jwt.ts b/src/util/extract-user-from-jwt.ts
index b36a6d7..68f7b63 100644
--- a/src/util/extract-user-from-jwt.ts
+++ b/src/util/extract-user-from-jwt.ts
@@ -2,7 +2,7 @@ import * as jose from "jose";
 import { Permission } from "../types";
-type TokenUserPayload = {
+export type TokenUserPayload = {
 email: string;
 userPermissions: Permission[];
 };
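Review bot: The `user: TokenUserPayload` field added to `ProtectedHandlerContext` carries no comment on where its values originate, and handlers are likely to base authorization decisions on `userPermissions`. A doc comment on the field such as `/** Claims read from the request JWT, populated only after verifyJWT succeeded. */` would make the trust boundary explicit for handler authors. The docs hunk in this commit types the same field as `string[]` while `TokenUserPayload` declares `Permission[]`; the two should agree.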
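Review bot: `extractUserFromJwt(token)` is called with no handling for a token that verifies but lacks the user claims, so the handler may receive a `user` whose `email` or `userPermissions` is undefined despite the non-optional type, or the call may throw a plain error instead of a `ProtectedHandlerError`; which of the two depends on the helper, whose body is not part of this diff. Validate before returning, e.g. `if (typeof userJwtPayload.email !== "string" || !Array.isArray(userJwtPayload.userPermissions)) throw new ProtectedHandlerError("JWT user claims missing", "JWT_VERIFICATION_FAILED");`. Keeping the call below the verification throw is correct and worth a comment (`// decode claims only after verifyJWT has passed`), since the helper presumably decodes without checking the signature. The function begins outside the hunk.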