Hello Community,
In the Auth0 logs that are generated when doing Management API calls, I see that there is a “jti” of the access token that was used as authentication for that call. It is under "details/request/auth/credentials/jti" in the raw JSON log. Example:
    'auth': {'user': {'user_id': 'oidc|REDACTED',
                      'name': 'REDACTED',
                      'email': 'REDACTED'},
             'strategy': 'jwt',
             'credentials': {'jti': 'fbc24d3b74d4a814928880d159c22135'}
My question is: given an Auth0 access token, how can I obtain this jti? Since there is no jti claim inside Auth0 access tokens, I guess it must be a hash of some kind. Can someone elaborate on the hash alg and encoding? (32 hex chars would be a 128-bit digest.)
The point is to correlate the Management API logs with actual human users: I have a custom Management web UI interfacing with the Auth0 Management API. That app handles user authentication, and obtains access tokens for the Management API (using CC grant) that are specific for each user. Even if the token itself does not contain information about the real user, if I can obtain the jti for each obtained access token, then I can map each token to the real human user inside the web UI.
(The user authentication for that web app being handled by an IdP that is not Auth0, I cannot use an authorization code grant to obtain user-specific access tokens from Auth0.)
Thanks and Regards,
Guillaume