Auth0 Home Blog Docs

Missing id_token after login (hosted login, wordpress)



I’m using the latest wp-auth0 plugin, and getting users to log in via the hosted login page. It’s a custom one using auth0.js 8, though actually I also have the same problem if I turn that off and use the default.

Login works, and users are sent to When they arrive at wordpress, the code is exchanged OK, but then while the response has an access_token in it, there is no id_token.

I have tried asking response_type=token instead of code, but wp-auth0 seems to require a code - I get missing parameter code if I do that.

I’m sure I’ve missed something, but I’m not sure what. Does wp-auth0 have specific requirements about the OAuth scopes, audiences, etc that it needs before login?

Side note: I have a passwordless connection that works perfectly, but for the life of me I can’t workout the difference. Any help would be lovely :slight_smile:


I’ve been reading up on the Authorisation Code Grant flow at, and as far as I can tell the problem is that there is no id_token in the Access Token exchange.

As I’m using the default hosted login page, the only place I can think of to tweak is my /authorize URL, which is currently I’ve tried adding &audience= as well, but no change


I worked it out. I was missing the scope in my authorize call. If I change to it works.