If you are using Auth0 Lock and trying to get a JWT token returned

adam.recvlohe · June 4, 2018, 11:46pm

I searched far and wide to find this solution and now trying to reduce the pain for others. I am using the latest version of Auth0 Lock, "auth0-lock": "^11.7.0". I was trying to figure out how to get back a JWT and not just the opaque string that is the accessToken. The answer is to update the config options for responseType to be responseType: 'token id_token'. Full options object I have.

const options = {
  container: "lock-container",
  allowSignUp: false,
  auth: {
    responseType: "token id_token",
    redirect: false,
    sso: true,
    params: {
      scope: "openid profile email",
    },
  },
};

kimcodes · June 25, 2018, 2:10pm

@adam.recvlohe thanks for sharing! So your issue was you were expecting a JWT but instead were getting an opaque token? There are a few reasons this could be happening. A few include when the audience for an API is not specified, using a social IdP and the keys are not setup, or when the audience is /userinfo an opaque token will always be issued.

https://auth0.com/docs/tokens/access-token#access-token-format

system · September 6, 2018, 2:55pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.