Access_token using pkce

rakesh_agrawal · March 2, 2018, 3:25am

Hi,
I am understanding the way to create access_token using pkce.
I found this link: https://auth0.com/docs/api-auth/grant/authorization-code-pkce
I notices that the access token which gets generated by this process doesn’t seems to be a JWT token. How do we generate a JWT tocken using pkce?

Thanks

ricardo.batista · August 27, 2019, 10:35am

According to the access token document:

If the audience is set to
{YOUR_AUTH0_DOMAIN}/userinfo, then
the Access Token will be an opaque
string.
If the audience is set to the unique
identifier of a custom API, then the
Access Token will be a JSON Web Token
(JWT).

Also, when the audience is set to a custom API and the scope parameter includes the openid value, then the generated Access Token will be a JWT valid for both retrieving the user’s profile and for accessing the custom API.

For more information about creating and configuring an API in Auth0, see: https://auth0.com/docs/apis#how-to-configure-an-api-in-auth0

You should also check the OIDC Conformant switch, located in the client’s advanced settings. See this for more info: https://auth0.com/docs/api-auth/tutorials/adoption/oidc-conformant

system · August 27, 2019, 10:35am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.