Auth0 Home Blog Docs

Is it possible to show user token after login using Hosted Page? ie: no redirect and no app running



I’d like people to go to my hosted login page, sign up or sign in, then get their token so they can copy and paste it to use elsewhere.

Is that possible?


No, that it is not possible as the hosted login page will provide the authentication response (which would be the tokens or a grant in case of success) through the means to a redirect that will ultimately cause the response to be communicated to a client application. In other words you need to have a client application in order to perform the OAuth 2.0 flows supported through the hosted login page.

Having said that, of course you can have a very simple client application that does nothing more than display the token to the end-user. However, such thing would not be recommended as those tokens were issued to a client application. What you describe is similar to what GitHub calls personal access tokens which would be something that and end-user can provide to a given application instead of their password, but that would still allow the application some sort of access to the end-user account. At this time, there is no support for those sort of token, however, this is something that would likely be available in the future.

Repeating what I mentioned before, trying to hack that functionality by exposing client application issued tokens to the end-user is not recommended and would likely introduce some security issues depending on the implementation.