Setting jti in tokens with Auth0 Management API v2

After many tries, I wonder if the following documentation on setting the jti claim in JWT tokens is still valid: blacklists

I defined a rule according to the example:

function (user, context, callback) {
  user.jti = require('uuid').v4();
  callback(null, user, context);
}

Then I’m generating a token with the authorize endpoint as follows:

https://mydomain.auth0.com/authorize
    ?audience=https://mydomain.auth0.com/api/v2/
    &scope=openid%20jti&response_type=token
    &client_id=KY4QozMN4ad0...wgoKYUYE
    &redirect_uri=https://www.example.com
    &state=STATE
    &nonce=NONCE

I tried several scopes (openid, openid profile, openid jti) and both response_type token and id_token, but I never get the jti claim in the generated tokens.

Could you indicate the correct way to get the jti claim in JWT tokens generated for the Management API v2 so I can use the blacklist feature to invalidate long-lived tokens?

3 Likes
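
One way to check what the /authorize redirect described above actually returned, as an added example that is not part of the original post: it decodes each token's payload without verifying the signature and reports whether a jti claim is present. The function names, the sample tokens and the jti value are constructed for illustration.

```javascript
// Added example (not from the original post). Names and sample data are constructed.

// Decode a compact JWT's payload WITHOUT verifying the signature.
// Inspection only: never make authorization decisions on claims read this way.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) return null; // opaque or malformed token
  try {
    // Node's 'base64' decoder also accepts the URL-safe alphabet used by JWTs.
    const claims = JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
    return claims !== null && typeof claims === 'object' ? claims : null;
  } catch (err) {
    return null;
  }
}

// Read access_token / id_token from the redirect URL fragment and report
// which claims each carries and whether jti is among them.
function inspectRedirect(redirectUrl) {
  const params = new URLSearchParams(new URL(redirectUrl).hash.slice(1));
  const report = {};
  for (const name of ['access_token', 'id_token']) {
    const raw = params.get(name);
    if (raw === null) continue;
    const claims = decodeJwtPayload(raw);
    report[name] = {
      isJwt: claims !== null,
      claimNames: claims ? Object.keys(claims) : [],
      jti: claims && typeof claims.jti === 'string' ? claims.jti : null,
    };
  }
  return report;
}

// Build an unsigned sample token (constructed test data, not a real Auth0 token).
function makeSampleJwt(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(claims)}.constructed`;
}

const sampleRedirect = 'https://www.example.com/#access_token=' +
  makeSampleJwt({ sub: 'user-1', aud: 'https://mydomain.auth0.com/api/v2/' }) +
  '&id_token=' + makeSampleJwt({ sub: 'user-1', jti: 'constructed-jti-0001' }) +
  '&state=STATE&token_type=Bearer';

console.log(JSON.stringify(inspectRedirect(sampleRedirect), null, 2));
```

Running it against the real redirect URL shows which of the two tokens, if any, carries jti, and flags an access token that is opaque rather than a JWT.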

Did you get this figured out?

1 Like

Did you get this figured out?

1 Like