
IdToken from iOS SDK Different Lock



We are moving from using Lock to a custom login screen. We used to use the default Lock object and call onAuth before retrieving the idToken from the returned credentials.

We are now calling Auth0.authentication().login without setting a scope or audience (we are also not OIDC conformant right now). However, the idToken returned is longer than the idToken returned by Lock.

I am a little confused as to what to do, so any help is greatly appreciated!


To see which claims are included in the token, you can decode it here:
Please do note that in the legacy flows (non OIDC conformant, as you mention), the entire user profile is returned in ID Tokens, so what you’re seeing is expected behaviour. You can read more about it here:


Thanks! I used the tool you linked to and found that indeed the Scope (Payload) was different between the two. However, I also saw that the algorithm referenced in the Header also changed. Is this expected?

The new token is not being accepted by our backend so I am wondering if this is the reason.


If you go to your client settings, select the client you’re using, click Show Advanced Settings at the bottom and select the OAuth tab, you’ll be able to see the algorithm used in the JsonWebToken Signature Algorithm.


If you are using different clients between Lock and your new custom UI you should also make sure the client settings are the same. If you are using an audience or have the OIDC conformant switch enabled on the new client, check also the algorithm in the API, for the algorithm used with the access token.
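The comparison discussed in the replies above (decode both ID tokens, then check the header algorithm and the payload claims) can be scripted. This is an added example, not part of the thread or of any Auth0 SDK; the two sample tokens, their claim values and the HS256/RS256 pairing are constructed for illustration, and the signatures are placeholders that are never verified.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_unverified(token: str) -> tuple:
    """Return (header, payload) of a compact JWT WITHOUT checking the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))


def compare_id_tokens(old: str, new: str) -> dict:
    """Report how two ID tokens differ in signing algorithm and claims."""
    old_h, old_p = decode_unverified(old)
    new_h, new_p = decode_unverified(new)
    shared = set(old_p) & set(new_p)
    return {
        "alg": (old_h.get("alg"), new_h.get("alg")),
        "alg_changed": old_h.get("alg") != new_h.get("alg"),
        "claims_added": sorted(set(new_p) - set(old_p)),
        "claims_removed": sorted(set(old_p) - set(new_p)),
        "claims_changed": sorted(k for k in shared if old_p[k] != new_p[k]),
    }


def make_sample(header: dict, payload: dict) -> str:
    # Builds a constructed sample token; the signature part is a placeholder.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(payload)}.c2lnbmF0dXJl"


# Constructed samples (assumption: which flow produced which algorithm is illustrative only).
BASE = {"iss": "https://tenant.example/", "sub": "auth0|000", "aud": "CLIENT_ID_PLACEHOLDER"}
LOCK_TOKEN = make_sample({"alg": "HS256", "typ": "JWT"},
                         {**BASE, "iat": 1500000000, "exp": 1500036000})
SDK_TOKEN = make_sample({"alg": "RS256", "typ": "JWT"},
                        {**BASE, "iat": 1500000600, "exp": 1500036600,
                         "email": "user@example.com", "name": "Sample User",
                         "nickname": "sample", "picture": "https://tenant.example/p.png"})

if __name__ == "__main__":
    print(json.dumps(compare_id_tokens(LOCK_TOKEN, SDK_TOKEN), indent=2))
```

A backend verifier pinned to one signing algorithm will reject a token whose header names a different one, so an `alg_changed` result of `True` is the first thing to check against the backend's configuration.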


We are using the same client and are not using an audience.
In fact, when making the same (I think) API call from the Android SDK, the ‘correct’ ID Token is returned.