Access_token using pkce

rakesh_agrawal · February 16, 2018, 6:43pm

Hi,
I am understanding the way to create access_token using pkce.
I found this link: https://auth0.com/docs/api-auth/grant/authorization-code-pkce
I notices that the access token which gets generated by this process doesn’t seems to be a JWT token. How do we generate a JWT tocken using pkce?

Thanks

ricardo.batista · February 16, 2018, 11:35pm

According to the access token document:

If the audience is set to
{YOUR_AUTH0_DOMAIN}/userinfo, then
the Access Token will be an opaque
string.
If the audience is set to the unique
identifier of a custom API, then the
Access Token will be a JSON Web Token
(JWT).

Also, when the audience is set to a custom API and the scope parameter includes the openid value, then the generated Access Token will be a JWT valid for both retrieving the user’s profile and for accessing the custom API.

For more information about creating and configuring an API in Auth0, see: APIs

You should also check the OIDC Conformant switch, located in the client’s advanced settings. See this for more info: Applications in Auth0

system · August 27, 2019, 10:35am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.