Auth0 Home Blog Docs

How to get idToken using just accessToken?

id_token
access-token
idtoken

#1

If all I have is the user’s accessToken, I know I can call auth0lock getUserInfo() and get their details

But how can I get their id_token with just an accessToken?


#2

This is PHP … Code below get the sub claim for user that generated the access token. Not exactly what you are looking for but you might use it as starting point. Using the JWTVerifier, as:

  use Auth0\SDK\Exception\CoreException;
  use Auth0\SDK\Exception\InvalidTokenException;
    use Auth0\SDK\Exception\ApiException;
    use Auth0\SDK\JWTVerifier;
    use Auth0\SDK\Helpers\Cache\FileSystemCacheHandler;
    
    // Create the verifier
    try {
      $verifier = new JWTVerifier(
          'valid_audiences' => $apiConfig'Auth0']'valid_audiences'],
          'authorized_iss' => $apiConfig'Auth0']'authorized_iss'],
          'supported_algs' => $apiConfig'Auth0']'supported_algs'],
      ]);
    } catch(CoreException $e) {
           // error
    	exit;
    }
    
    // Verify token the access token.
    try {
      $decoded = $verifier->verifyAndDecode($token);
    } catch(CoreException $e) {
      header("HTTP/1.1 401 Unauthorized");
    	echo "401 Unauthorized - 6B2C6263-9EC6-48F7-B9B6-7E978B2EC5DE - " . $e->getMessage();
    	exit;
    } catch(InvalidTokenException $e) {
      header("HTTP/1.1 401 Unauthorized");
    	echo "401 Unauthorized - 1D543A6A-C6A5-4940-9C3F-066CD5755735 ";
      echo json_encode($headers);
    	exit;
    }
    
    // Check if we got a sub clam in JWT.
    if(!isset($decoded->sub)) {
      header("HTTP/1.1 401 Unauthorized");
    	echo "401 Unauthorized - C6AA49C7-5985-4191-A58B-CF0A2CF29D08 - sub empty or not defined";
      echo json_encode($headers); 
      exit;
    } else {
      $AuthSub = $decoded->sub;
    }

The “sub” claim in $decoded has the user_id. It has been a bit since I looked at it but the $decoded object might object have identity information or the token embedded. Hope this helps.


#3