Custom Database and Access Tokens

We have a custom database connection which we use to verify a user.

From this verification we return and email address and the user_id.

This logs us incorrectly and returns a valid ID token, but an invalid Access Token.

I need to return an Access Token that contains scopes and is valid. What should I do?

Hi @mike.edwards

Welcome to the Auth0 Community :slight_smile:

When you say the Access Token is invalid do you mean it is not in JWT format? perhaps it is an opaque token as these are in a proprietary format https://auth0.com/docs/secure/tokens/access-tokens#opaque-access-tokens

If so you’ll need to ensure you add an audience parameter into the call to get the token or the /authorize request, please review the document here for more details https://auth0.com/docs/secure/tokens/access-tokens/get-access-tokens

Warm regards

1 Like

Hi Saqib

Thanks for the response, when I say invalid. I am running it through JWT.IO to check the claims that have been assigned.

From this screenshot you can see that it doesn’t have a valid signature or any payload:

For a custom database do I need to manually add the missing claims?

Usually if there is no payload it’s because when you log in you are not requesting a specific API audience. If you want a full jwt access token with a payload you’ll need to specify an audience for an API.

https://auth0.com/docs/secure/tokens/access-tokens/get-access-tokens#control-access-token-audience

How are you going about getting the Access Token? Login via one of our SDK’s or a direct call to the Authentication API?

2 Likes

You are right, I had missed the audience on my request. I thought I had it already there. Thank you

Fantastic! I’m glad we got it resolved :+1:

All the best.

1 Like

Teamwork makes the dreamwork!