So I implemented the " Login Using the Authorization Code Flow" and got myself the access token, id token, and refresh token. I have previously used an access token but generated much easier with “client_credentials” just to learn the basics of token validation in my backend API endpoints. Now how do I do that with the access token I got from using the code flow method? When I paste it inside the jwt.io it has no body and invalid signature. I changed from “client_credentials” to this approach so I can also access the /userinfo endpoint from the backend, which I can now.
Thanks in advance.
Hi @alexandru.dan,
Thanks for reaching out to the Auth0 Community!
I understand that you have questions about getting an access token for validation.
From what I can tell, it seems that you have obtained an opaque access token, which cannot be decoded with jwt.io. In this case, you can directly use that opaque access token to call the /userinfo endpoint. See the Opaque Access Tokens documentation to learn more.
Let me add that the audience parameter must be specified to get an access token in the JWT format.
I hope this helps!
Please reach out if you have any additional questions.
Thank you.
1 Like