tyf
September 6, 2023, 11:41pm
3
Hey there @dean2 sorry for the delayed response here!
The {id}
is equivalent to the sub
claim in either an ID or access token.
dean2:
I was reading this article as well trying to parse the access token. When I use the website it links(jwt.io ), it says invalid access token, BUT when I cut/paste the json to generate the token, it gives me an accesstoken just fine. I don’t understand how auth0 is giving an access token that can’t be parsed when there is docs talking about accesstoken. This is so confusing here.
It’s possible you are receiving an opaque access token if you aren’t passing an audience
param in the /authorize
request - The following FAQ(s) may be helpful:
Question: Why is my access token not a JWT? (Opaque Token)
Answer:
An access token will be issued in one of the following formats:
JSON Web Token (JWT) : Tokens that conform to the JSON Web Token standard and contain information about an entity in the form of claims. They are self-contained in that it is not necessary for the recipient to call a server to validate the token. Access Tokens issued for the Auth0 Management API and Access Tokens issued for any custom API that you have registere…
Question: What is the Audience?
Answer:
The audience parameter exists as part of the OAuth2.0 protocol. You can read more information from the specification here .
What is it?
The audience (presented as the aud claim in the access token) defines the intended consumer of the token.
This is typically the resource server (API, in the dashboard) that a client (Application) would like to access.
It can be added to the request to authorize i.e. audience: 'https://test-api'
Here is an example where …
2 Likes