In the new auth0-spa-js, the raw ID token isn’t available but only the decoded ID token payload.
There was a discussion around it before, and the conclusion was that such method would currently not be provided unless enough valid use cases exist:
So, to answer the question as per status quo: it’s currently not available in the new auth0-spa-js but only in the old auth0-js.
will verify if the access token is jwt format
But to clarify this part, is it only verifying the correct format, or also the valid signature, issuer, audience, expiration date, etc.?
Referring to:
And what are you doing with that ID token in the lambda function, except verifying it? How are you using it or it’s payload there (from a business logic perspective)?
By the way: this blog article might also be of interest about the launch of the new Auth0 SPA SDK.
@steve.hobbs FYI