Auth0 Home Blog Docs

Implicit access_token Opegue, not JWT? OIDC Enabled


#1

Hello,

I need JWT for access token but getting opaque access token when I call for an implicit grant. Below is the login url I am using…

        const loginUrl = "https://<tenant>.auth0.com/authorize"
            + "?client_id=" + client_id 
            + "&response_type=id_token%20token"
            + "&connection=Username-Password-Authentication"
            + "&nonce=" + nonce
            + "&redirect_uri=http://app.url:5000/auth"
            + "&scope=openid%20profile%20email

ID token I am getting is jwt but not access token. How do I get JWT for access token?


#2

Hi @prionkor
Auth0 only issues a JWT access token if you include the audience parameter in the request indicating that the application wants access to an API you’ve defined in the Auth0 tenant. If you don’t specify the audience in the authorize request, the access token is only useful to call Auth0’s OIDC userinfo endpoint (/userinfo), and in that case Auth0 generates a simpler, opaque token.


#3

Thank you! I was able to get JWT following your instruction!

My modified code:

        const loginUrl = "https://<tenant>.auth0.com/authorize"
            + "?client_id=" + client_id 
            + "&response_type=id_token%20token"
            + "&audience=" + audience
            + "&connection=Username-Password-Authentication"
            + "&nonce=" + nonce
            + "&redirect_uri=http://app.url:5000/auth"
            + "&scope=openid%20profile%20email