No IdP access token in identities array for OIDC Enterprise connections

Problem statement

The IdP access token cannot be sourced from the user identities array for OIDC Enterprise connections.

Symptoms

There is no access token when retrieving the user object from the API. The IdP access token is not present in the identities array.

user.identities[0].access_token is empty

Steps to reproduce

  1. Log in with an OIDC Enterprise connection.
  2. Make a GET request to the Auth0 Management API: https://YOUR_DOMAIN/api/v2/users/${user_id}
  3. Read response.data.identities[0].access_token.
  4. Receive an empty array.

Cause

Our custom OIDC enterprise connection doesn’t actually support IdP access tokens yet. We have a backlog item to track this issue.

Solution

As an alternative, you could use a custom social connection; see “Connect Apps to Generic OAuth2 Authorization Servers”.

The custom social connection can be configured almost exactly like a custom OIDC enterprise connection since they both use the same OIDC protocol. The only extra piece of work that is needed is setting up the “Fetch User Profile” script to populate/sync the Auth0 user profile when the user logs in.
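
A sketch of the “Fetch User Profile” script mentioned above, as an added example that is not Auth0's own code. It assumes the IdP exposes an OIDC userinfo endpoint; USERINFO_URL is a placeholder, and httpGet and stubIdp are hypothetical helpers that stand in for the HTTP client of the script sandbox so the block runs offline.

```javascript
// Added example, not Auth0's code. USERINFO_URL is a placeholder and
// httpGet(url, headers, done) is a hypothetical wrapper around whatever HTTP
// client the script sandbox provides; done receives (err, status, body).
const USERINFO_URL = 'https://idp.example.com/userinfo';

// Map OIDC standard claims to the profile handed back to the connection.
function mapClaims(claims) {
  if (!claims || typeof claims.sub !== 'string' || claims.sub === '') {
    throw new Error('userinfo response has no usable "sub" claim');
  }
  return {
    user_id: claims.sub, // stable identifier issued by the IdP
    email: claims.email,
    // Design choice of this example: only a literal boolean true counts.
    email_verified: claims.email_verified === true,
    name: claims.name,
  };
}

// Build a script with the (accessToken, ctx, cb) shape of "Fetch User Profile".
function makeFetchUserProfile(httpGet) {
  return function fetchUserProfile(accessToken, ctx, cb) {
    const headers = { Authorization: 'Bearer ' + accessToken };
    httpGet(USERINFO_URL, headers, (err, status, body) => {
      if (err) return cb(err);
      if (status !== 200) return cb(new Error('userinfo returned HTTP ' + status));
      let profile;
      try {
        profile = mapClaims(JSON.parse(body));
      } catch (e) {
        return cb(e); // malformed JSON or missing sub: fail the login
      }
      cb(null, profile);
    });
  };
}

// Constructed stub IdP: answers every request with a fixed status and body.
function stubIdp(status, body) {
  const calls = [];
  const httpGet = (url, headers, done) => { calls.push({ url, headers }); done(null, status, body); };
  return { httpGet, calls };
}

// Constructed sample response; email_verified is a string here on purpose.
const idp = stubIdp(200, JSON.stringify({ sub: 'abc123', email: 'a@example.com', email_verified: 'true' }));
makeFetchUserProfile(idp.httpGet)('constructed-token', {}, (err, profile) => {
  console.log(err ? err.message : profile);
});
```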