No IdP Access Token in Identities Array for OIDC Enterprise Connections

lihua.zhang · January 27, 2023, 9:28pm

Problem statement

Identity provider Access Token in the user identities array for OIDC Enterprise Connections is not displayed

Symptoms

There is no Access Token when the user object from API is retrieved, it is not present in the identities array.

user.identities[0].access_token is empty

Steps to reproduce

Login with OIDC Enterprise Connection
Make a request to Auth0 Management API [https://YOUR_DOMAIN/api/v2/users/$](https://your_domain/api/v2/users/$){user_id}
Get response.data.identities[0].access_token
Receiving an Empty array

Cause

Auth0 custom OIDC enterprise connection does not actually support IdP access tokens yet, however there are plans to support it.

Solution

As an alternative you could use a custom social connection:

https://auth0.com/docs/authenticate/identity-providers/social-identity-providers/oauth2

The custom social connection can be configured almost exactly like a custom OIDC enterprise connection since they both use the same OIDC protocol. The only extra piece of work that would be needed is setting up the “Fetch User Profile” script, this is to populate/sync the Auth0 user profile when the user logs in.

Topic		Replies	Views
Use Auth0 session access token to authenticate social connection API Help connections , oidc-enterprise-connection	2	580	February 26, 2024
OIDC enterprise connection claim mapping Help	4	5109	September 19, 2019
Custom Enterprise Connection requires actual call to /userinfo Help userinfo , enterprise-connectio	4	3821	February 2, 2024
IDP's access_token is missing in the profile's response Help api	13	6267	October 24, 2018
Missing id_token in Custom Social Connection fetch user profile script Help custom-social-connec	0	3420	July 8, 2020