How do I get an id_token for a password grant flow?

amaanc · March 14, 2017, 4:10pm

For the implicit grant I’m supposed to use response_type=token id_token to get both an access_token and an id_token.

The password grant’s request doesn’t include a response_type though, so how am I supposed to specify that I want an id_token in the response?

amaanc · March 14, 2017, 4:13pm

You need to use the scope parameter for this (i.e. scope=openid at least).

For example:

curl -X POST -H "Content-Type: application/json" -d '{
  "client_id": "...",
  "client_secret": "...",
  "audience": "http://api.example.com/v1",
  "scope": "openid email read:email",
  "username": "...",
  "password": "...",
  "grant_type": "http://auth0.com/oauth/grant-type/password-realm",
  "realm": "Username-Password-Authentication"
}' "https://YOUR_ACCOUNT.auth0.com/oauth/token"

In this example, openid email are scopes requested for the id_token and read:email is for the access_token.

This is also touched upon in our documentation where it talks about “how to get a user’s claims”.

Topic		Replies	Views
How do I get id_token instead of access_token Get Help	8	6481	August 28, 2019
How can I obtain an id_token from Python code Get Help id_token , python	4	6189	March 2, 2018
Retrieving 'identities' claim in id_token on username/password login Get Help id_token , login , claim	4	5384	March 2, 2018
/oauth/token not returning id_token Get Help token , id_token	3	12891	March 2, 2018
Getting Id_token on authorize call Get Help id_token	4	3508	February 7, 2019

How do I get an id_token for a password grant flow?

Related topics