Differences in Bearer Token from Different Access

I implemented Auth0 using the Auth0 Python SDK Quickstarts: Login

From the successful login page, I am able to view the following:

{
    "access_token": "xxx",
    "expires_at": 1657696308,
    "expires_in": 86400,
    "id_token": "xxx",
    "scope": "openid profile email",
    "token_type": "Bearer",
    "userinfo": {
        "aud": "a6GNX8ifpOrWovu9NakUp4Sxz0kqdJul",
        "email": "gerardsho@gmail.com",
        "email_verified": true,
        "exp": 1657645903,
        "iat": 1657609903,
        "iss": "https://randomsilver.us.auth0.com/",
        "name": "gerardsho@gmail.com",
        "nickname": "gerardsho",
        "nonce": "vumVyni7iVWzB7HRoAmY",
        "picture": "https://s.gravatar.com/avatar/1d847a5259fe55eb7c84f439e5f00277?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fge.png",
        "sub": "auth0|62c45daf67fdea356d28bad4",
        "updated_at": "2022-07-11T19:34:14.775Z"
    }
}

What I would like to know is that if I access the raw login page from:

https://{AUTH0_DOMAIN}/authorize?audience={API_AUDIENCE}&response_type=token&client_id={CLIENT_ID}&redirect_uri={CALLBACK_URI}

I would see a token at the end of the URL, upon successful login.

I found that this token does not match any of the tokens shown on the successful login page configured in the first method above. Mainly, when I decoded it via jwt.io, it seems like the token from the second method is more complete, containing the permission rights. Kindly shed some light on this.

Hi @showall,

Welcome to the Auth0 Community!

Do you have an example of the second token?

It could be an opaque token, but it’s hard to say without seeing it.
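
A local way to run the comparison discussed in this thread, as an added example that is not part of either post: it tells an opaque access token from a JWT and lists the JWT's unverified claims (such as `aud`, `scope` and `permissions`). The `inspect_token` helper, the token values and the `example.invalid` names are constructed for illustration.

```python
import base64
import json


def _b64url_json(segment):
    """Decode one base64url JWT segment into a dict, or raise ValueError."""
    padded = segment + "=" * (-len(segment) % 4)
    # binascii.Error, UnicodeDecodeError and JSONDecodeError are all ValueErrors.
    value = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(value, dict):
        raise ValueError("segment is not a JSON object")
    return value


def inspect_token(token):
    """Classify a bearer token as 'jwt' or 'opaque' and return unverified claims.

    No signature check is done here: the output is for debugging only and
    must never be used to make an authorization decision.
    """
    opaque = {"kind": "opaque", "header": None, "claims": None}
    parts = token.split(".")
    if len(parts) != 3:  # a signed JWT is header.payload.signature
        return opaque
    try:
        header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    except ValueError:
        return opaque
    return {"kind": "jwt", "header": header, "claims": claims}


def _make_sample_jwt(claims):
    """Build a constructed JWT-shaped string for the demo (dummy signature)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])


# Constructed sample values, not tokens from the thread.
SAMPLE_OPAQUE = "Zk3v9QwT1xYb7LmN0pRs2uHd5cAeGi8J"
SAMPLE_JWT = _make_sample_jwt({
    "iss": "https://example.invalid/",
    "aud": "https://api.example.invalid",
    "scope": "openid profile email",
    "permissions": ["read:items"],
})

if __name__ == "__main__":
    for name, tok in (("first", SAMPLE_OPAQUE), ("second", SAMPLE_JWT)):
        result = inspect_token(tok)
        print(name, "->", result["kind"], result["claims"])
```

Decoding locally also avoids pasting a live access token into a third-party web page.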
