access_token in JWT format - iOS SDK

jamesscott · July 19, 2017, 7:37pm

Hi,
I am using this function for getting access_token, but still I don’t get it in JWT format.

enum Auth0Key:String{
    case SCOPE          = "openid user offline_access update:current_user_identities"
    case CONNECTION     = "Username-Password-Authentication"
}

Auth0
.authentication()
.login(usernameOrEmail: username, password: password, connection: Auth0Key.CONNECTION.rawValue, scope: Auth0Key.SCOPE.rawValue, parameters: "device":"test", "audience":Environment.shared.baseUrl])
.start { result in
    switch result {}

I post in payload audience, but I don’t get still access_token in JWT. Could you help me, to set it?
Thanks.
Vladimir

Ryan_Chenkie · July 19, 2017, 9:41pm

Hi Vladimir,
What have you set as your audience? To get a JWT access token your audience needs to be the identifier for an API you create in the Auth0 dashboard.

jamesscott · July 19, 2017, 9:48pm

Thanks for reaction. I am using identifier from Auth0 dashboard, but still no luck. I forgot to mention, that I am using it on tvOS, but it should work there too. Should I post in payload something else?

yuichi · August 8, 2017, 3:13pm

I am seeing a very similar situation. I just downloaded sample from official repo (GitHub - auth0-samples/auth0-ios-swift-sample: Auth0 Integration Samples for iOS Swift) and ran with updated Auth0.plist.

So, the code snippet is something like this

Auth0
        .webAuth()
        .audience("https://" + clientInfo.domain + "/userinfo")
        .scope("openid profile")
        .start {
            switch $0 {
            case .failure(let error):
               // Handle the error
               print("Error: \(error)")
            case .success(let credentials):
               guard let accessToken = credentials.accessToken, let idToken = credentials.idToken else { return } ...

It works fine and lets me login, but the accessToken is not JWT. Something like KBSxkmG-OcpA6-cg.

Please help. I cannot send this to my API server for verification.

P.S. I thought the issue is related, so I posted in this thread to consolidate. But if it is better to create my own thread, let me know.

yuichi · August 8, 2017, 11:36pm

Self answering my quesiton. Ryan’s comment above had the answer in it.

I had to replace

"https://" + clientInfo.domain + "/userinfo"

to something like

TestAPI

(API name I have created in the portal), and voila. Access token returns in JWT.

In the initial example, audience is “userinfo” which requires (!?) opaque access token, and that’s why I don’t get JWT token.

lcheng_nj · September 19, 2017, 12:39pm

How was the API “TestAPI” created?

yuichi · September 19, 2017, 11:30pm

Something like this @lcheng_nj ![alt text][1]