Auth0 Home Blog Docs

ID Token in Hook



In a Post User Registration, how can I get the ID Token that will normally be returned in the response?


Please explain your use case a bit more for us to be able to help you. The id_token is not available in hooks.


Thank you. I’m trying to create another account on another service, after the Auth0 account has been created. This other service can only validate HS256 ID tokens.


As mentioned already the ID token associated with the currently authenticated user is not available in the hook. Also have in mind that the ID token that will be issued is meant to be used only by the client application that requested it; sending it to another service is not correct and given the use of HS256 it would imply that the other service knows the key to validate the token which would also imply that the other service could issue ID tokens that would also be considered valid by your client application.

A hook can be seen as a service-like/non-interactive application given there’s no end-user involved so the correct approach for a service/non-interactive client application to call into another service/API would be for that API to support an authorization method that can be leveraged by these types of applications.

Acceptable approaches would be:

  • The API accepts an API key that the hook would include in the request.
  • The API accepts a bearer JWT access token (can be signed using HS256) that the hook can obtain by itself without end-user interaction. This token could be obtained in more than one way:
    • If it’s acceptable for the hook to have knowledge of the HS256 key that the token could be generated by the hook itself using a JWT creation library. (not recommended)
    • If the API is configured in the Auth0 Dashboard then the hook can perform a client credentials grant to obtain the access token.