Auth0 Home Blog Docs

Authorizaton returning short access token

access_token

#1

I am having the exact same issue as posted here - https://auth0.com/forum/t/how-to-verify-access-token-in-the-implicit-grant-flow/5391

However I have created an API as discussed there but still am getting a very short, non JWT, access_token back in the hash fragment of the URL.

I have read a lot of documentation on how to set this up and think I am on the right path. Any ideas would be great.

Thanks


#2

I have found this post here - https://community.auth0.com/questions/2402/lock-web-get-jwt-access-token-and-id-token-to-call

That says:

Finally, take in consideration that the use of Lock with API Authorization (aka audience parameter) is not yet documented so your mileage may vary. If you want API Authorization the currently recommended approach is to use Auth0.js v8, in particular, the methods that make use of the hosted login page.

I was using Lock, so this is likely my issue? Would be great if you could specify an audience with Lock, if that is all that is needed.


#3