Auth0 Home Blog Docs

No longer able to get ID Token on non-OIDC client


Our non OIDC client has been working fine until one day ago (March 13, 2018).

We used to be able obtain the ID Token from the response by specifying response_type=token. For scope we are including “openid” among other things.

Since yesterday, the response is too long for our application and does not include the ID Token.

Specifying response_type=id_token token seems to fix the issue (although this results in a state string mismatch). We do not have “OIDC Conformant” enabled on this client.

We were not expecting this behavior to suddenly change without notice! Our software is deployed in a .NET desktop application, so our customers will no longer be able to log in with their current software. Is there anything that can be done to bring back the old behavior?