How to access user profile to get social API tokens?

Hi there. I’m finding the documentation around tokens for social graph access confusing. I’ll describe what I’m trying to do, and hopefully someone will have an example or clear documentation to follow. (I should add that I’m new to Auth0 and authorization in general.)

I have a React-Native app that uses Auth0 for social (Facebook) login, connected with Graphcool as my backend data store. I want to be able to keep my user logged in (i.e. using a stored id_token), and yet every time they use the app, have ready access to their Facebook friend list (a permission they granted my app when they first signed up and logged in via Facebook via Auth0).

I am successfully using the basic Auth0 id_token for signups, to create user objects on Graphcool, etc. But I am utterly lost when it comes to getting Facebook-API specific access tokens via Auth0 for my currently logged-in user. I’ve read documentation that says I’ll need to use an “access_token” gotten during login (which is only happening once every now and then, as I persist the id_token for many days) to get some other token, to get some other token, to get some other token (et al.) that will eventually give me access to the Facebook API.

Anyone know how to set this up, with clear examples? The fake/simulated “test client” for management on the Auth0 website is confusing. I’d like to see an example or documentation that describes clearly how to integrate this into a client (i.e. native mobile) app. Thanks!

Hi! I have the same issue, not able to figure out how to get an OAuth access token for Facebook after a user signed in from Auth0. Any help would be appreciated :slight_smile:

There are 3 steps to calling an external Identity Provider API (e.g. Facebook) for the logged in user:

The access_token that you obtain during login cannot be used to call the Facebook API directly. The identity provider access_token is stored in the user profile, which must be retrieved via the Auth0 Management API.

  1. You need to obtain an access_token with the scope read:user_idp_tokens to call the Auth0 Management API.
  2. Get the user profile from the Management API through the Get User endpoint.
  3. Extract the IdP access_token from the identities array, e.g. user.identities[0].access_token.

The process to do this is outlined in the following document:

Thanks for the pointer @prashant, but the article you link to (which I have read) is actually the source of much of my confusion, specifically around how to obtain (and what exactly is) a so-called management token for my client app, etc.

Is there a more user-friendly tutorial somewhere? Thanks!

The Management API v2 access token is a JWT meant to be used for our Management API. You can obtain it directly in the dashboard by creating and authorizing a non-interactive client, or you can use a script that automates the process. These tokens are valid for 24 hours by default (but this can be changed).

The process to obtain an access token for the Management API v2 is explained here
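
Added example, not part of any post in this thread and not Auth0's own code: the three steps listed above (Management API token, Get User, extract the IdP token) as a Node backend could perform them. The `cfg` object, the function names and `SAMPLE_PROFILE` are assumptions made for illustration, and `fetchImpl` is injectable so the flow can be exercised offline.

```javascript
// Added example for a trusted backend (Node 18+); not for the mobile app itself.
// cfg values, the user id and SAMPLE_PROFILE are constructed placeholders.

// Step 1: client-credentials grant; the client needs read:user_idp_tokens.
async function getManagementToken(cfg, fetchImpl = fetch) {
  const res = await fetchImpl(`https://${cfg.domain}/oauth/token`, {
    method: 'POST',
    headers: { 'content-type': 'application/json' },
    body: JSON.stringify({
      grant_type: 'client_credentials',
      client_id: cfg.clientId,
      client_secret: cfg.clientSecret,
      audience: `https://${cfg.domain}/api/v2/`,
    }),
  });
  if (!res.ok) throw new Error(`token request failed: ${res.status}`);
  return (await res.json()).access_token;
}

// Step 2: Get User endpoint; the "|" in user_id must be URL-encoded.
async function getUserProfile(cfg, mgmtToken, userId, fetchImpl = fetch) {
  const url = `https://${cfg.domain}/api/v2/users/${encodeURIComponent(userId)}`;
  const res = await fetchImpl(url, { headers: { authorization: `Bearer ${mgmtToken}` } });
  if (!res.ok) throw new Error(`get user failed: ${res.status}`);
  return res.json();
}

// Step 3: select the identity by provider; index 0 may be another linked account.
function pickIdpToken(profile, provider) {
  const identity = (profile.identities || []).find((i) => i.provider === provider);
  if (!identity || !identity.access_token) {
    throw new Error(`no ${provider} access_token in profile`);
  }
  return identity.access_token;
}

async function getIdpTokenForUser(cfg, userId, provider, fetchImpl = fetch) {
  const mgmtToken = await getManagementToken(cfg, fetchImpl);
  const profile = await getUserProfile(cfg, mgmtToken, userId, fetchImpl);
  return pickIdpToken(profile, provider);
}

// Constructed profile with two linked identities (not real tokens).
const SAMPLE_PROFILE = {
  user_id: 'google-oauth2|111',
  identities: [
    { provider: 'google-oauth2', user_id: '111', access_token: 'constructed-google-token' },
    { provider: 'facebook', user_id: '1234', access_token: 'constructed-fb-token' },
  ],
};
```

Keep the client secret and the Management API token on the server, and take `userId` from the `sub` claim of an id_token the server has verified rather than from a value the app sends.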