Passwordless flow only returns access_token without id_token

We have two accounts, one is working as expected and one is not.

We are starting a passwordless flow with the following parameters:

{
	"client_id": "client_id....",
	"connection": "email",
	"email": "email....",
	"send": "link",
	"authParams": {
	  "scope": "openid email jti roles user_metadata",
	  "response_type": "token",
	  "redirect_uri": "redirect url...",
	  "state": "state...`"
	}
}

On the first account we are getting a short access_token and an id_token in the callback url parameters. This is what we need.

However on the second account we’re only getting a long access_token, the id_token is missing all together. We’ve tried double checking the client settings to see if something is different, but we can’t find anything that differs.

What could cause the id_token to be missing?

Of course I figured this out almost immediately after asking. The issue was wrong Default audience in Account settings → API Authorization Settings.

Problem solved!