I followed this tutorial to get an access_token: Call Your API Using the Authorization Code Flow (I am using Laravel to build the API).
But when I dump the response, I get something like this:
As you can see, the access_token is really short; I think it wasn’t encrypted. And I tried to use that token to get user information and it failed.
After this, I cloned the React repo from the quick start guide and used the same config. And the response is different.
Not only was the access_token encrypted, but the expires time has a different value too. With this access_token, I can get user information.
Hi @manhhoang3151996,
The user’s information can be found in the ID Token. You can decode the token at jwt.io.
The Access Token will be returned as either a JWT or an opaque token depending on the audience. If no audience is configured in the client application, then the audience is your Auth0 tenant’s /userinfo endpoint (https://{your-auth0-domain}/userinfo), and the token is opaque.
To get a JWT Access Token that can be decoded, you can pass an API identifier as the audience:
```jsx
ReactDOM.render(
  <Auth0Provider
    domain={config.domain}
    clientId={config.clientId}
    redirectUri={window.location.origin}
    audience={config.audience}
    onRedirectCallback={onRedirectCallback}
  >
    <App />
  </Auth0Provider>,
  document.getElementById("root")
);
```
Hi @manhhoang3151996,
Would you mind sending an example request (be sure to take out any sensitive info such as a client ID or your domain)? For example:

```
https://YOUR_DOMAIN/authorize?
    response_type=code&
    client_id=YOUR_CLIENT_ID&
    redirect_uri=https://YOUR_APP/callback&
    scope=SCOPE&
    audience=API_AUDIENCE& // <-- This determines whether a JWT will be returned for the Access Token
    state=STATE
```
In the request, if you list the audience as an API identifier of a registered API in your tenant, you should receive a JWT for the Access Token.
Oh, I read too fast, so I skipped the **The Access Token will be returned as either a JWT or an opaque token depending on the audience** part. Thank you, I did it.
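The behaviour discussed in this thread, as an added example that is not part of the original posts or Auth0's own code: it builds the `/authorize` request with and without `audience`, then checks whether a returned Access Token has JWT structure or is opaque. The function names, the `example.test` hosts and both sample tokens are constructed for illustration.

```javascript
// Added example: all domains, identifiers and tokens below are constructed placeholders.

// Build the /authorize request from the thread; `audience` is optional.
function buildAuthorizeUrl({ domain, clientId, redirectUri, scope, state, audience }) {
  const url = new URL(`https://${domain}/authorize`);
  const params = { response_type: "code", client_id: clientId, redirect_uri: redirectUri, scope, state };
  if (audience) params.audience = audience; // omitted => opaque token meant for /userinfo
  url.search = new URLSearchParams(params).toString();
  return url.toString();
}

// Decode one base64url-encoded JSON segment of a JWT.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Report whether a token has JWT structure or is opaque.
// This only inspects the token: it does NOT verify the signature, so an API
// must still validate signature, issuer, audience and expiry before trusting it.
function classifyAccessToken(token) {
  const parts = String(token).split(".");
  const wellFormed = parts.length === 3 && parts.every((p) => /^[A-Za-z0-9_-]+$/.test(p));
  if (!wellFormed) return { kind: "opaque" };
  try {
    const header = decodeSegment(parts[0]);
    const payload = decodeSegment(parts[1]);
    if (typeof header.alg !== "string") return { kind: "opaque" };
    // `aud` may be a string or an array; normalise to an array.
    return { kind: "jwt", alg: header.alg, aud: [].concat(payload.aud ?? []), exp: payload.exp ?? null };
  } catch {
    return { kind: "opaque" }; // segments were not base64url-encoded JSON
  }
}

// Constructed samples: a JWT-shaped token (placeholder signature) and an opaque one.
const toB64Url = (obj) =>
  Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const sampleJwt = [
  toB64Url({ alg: "RS256", typ: "JWT" }),
  toB64Url({ aud: "https://api.example.test", exp: 1700086400 }),
  "c2lnbmF0dXJl",
].join(".");
const sampleOpaque = "kX3vQ9mZ2aB7cD1eF4gH6jK8lM0nP5rT";

console.log(classifyAccessToken(sampleJwt), classifyAccessToken(sampleOpaque));
```

An opaque result after a login is the cue to check that `audience` was actually sent in the `/authorize` request and matches an API identifier registered in the tenant.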