How do I get an id_token for a password grant flow?

amaanc · March 14, 2017, 4:10pm

For the implicit grant I’m supposed to use response_type=token id_token to get both an access_token and an id_token.

The password grant’s request doesn’t include a response_type though, so how am I supposed to specify that I want an id_token in the response?

amaanc · March 14, 2017, 4:13pm

You need to use the scope parameter for this (i.e. scope=openid at least).

For example:

curl -X POST -H "Content-Type: application/json" -d '{
  "client_id": "...",
  "client_secret": "...",
  "audience": "http://api.example.com/v1",
  "scope": "openid email read:email",
  "username": "...",
  "password": "...",
  "grant_type": "http://auth0.com/oauth/grant-type/password-realm",
  "realm": "Username-Password-Authentication"
}' "https://YOUR_ACCOUNT.auth0.com/oauth/token"

In this example, openid email are scopes requested for the id_token and read:email is for the access_token.

This is also touched upon in our documentation where it talks about “how to get a user’s claims”.

Topic		Replies	Views
Getting Id_token on authorize call Help id_token	4	3453	February 7, 2019
Not returning Refresh Token from Password Flow Help	5	7210	July 25, 2019
Getting the id_token programmatically Help jwt	2	3215	November 8, 2021
/oauth/token not returning id_token Help token , id_token	3	12570	March 2, 2018
No receiving IDToken Help	3	2378	July 8, 2020

How do I get an id_token for a password grant flow?

Related topics