Auth0 Home Blog Docs

If you are using Auth0 Lock and trying to get a JWT token returned

lock
jwt
id_token
auth0-lock

#1

I searched far and wide to find this solution and now trying to reduce the pain for others. I am using the latest version of Auth0 Lock, "auth0-lock": "^11.7.0". I was trying to figure out how to get back a JWT and not just the opaque string that is the accessToken. The answer is to update the config options for responseType to be responseType: 'token id_token'. Full options object I have.

const options = {
  container: "lock-container",
  allowSignUp: false,
  auth: {
    responseType: "token id_token",
    redirect: false,
    sso: true,
    params: {
      scope: "openid profile email",
    },
  },
};

#3

:wave: @adam.recvlohe thanks for sharing! So your issue was you were expecting a JWT but instead were getting an opaque token? There are a few reasons this could be happening. A few include when the audience for an API is not specified, using a social IdP and the keys are not setup, or when the audience is /userinfo an opaque token will always be issued.