No payload in access token for idp initiated sso

mouhcinefd · August 22, 2022, 4:53pm

Hello,

I tried to implement the workflow to use IDP Initiated SSO with Auth0.

I’ve done everything and everything looks great.

However, I still have a problem with the access token I receive.

It does not have a payload part and it take by default the application ID as audience, but for the id token everything is good.

If someone can help

Thanks

tyf · August 22, 2022, 10:51pm

Hi there @mouhcinefd welcome to the community!

Good to know you’ve got everything working up to this point

Are you using a SAML IdP-Initiated flow as outlined here?

Let us know and we can go from there!

mouhcinefd · August 23, 2022, 8:53am

Thanks for your response @tyf

yes Im using the SAML IdP-Initiated flow with machine to machine app
and for the response protocol im using openid

I used this doc to do the setup for development environment testing

tyf · August 23, 2022, 11:57pm

No problem, I’m happy to help and thanks for confirming!

The opaque access token in this context is expected behavior due to the security risks associated with type of flow - Overall, this approach is not recommended for reasons mentioned in the link I referenced initially. The only potential “workaround” is to go through the IdP Initiated flow and then immediately follow it up with a prompt=none (silent authentication) request to /authorize - If consent has already been granted , this will let you get a valid JWT access token.

This is again not a recommended approach, but possible with additional work.

mouhcinefd · August 24, 2022, 12:49am

Yes I know this way is not recommended but I don’t have a chose I have to use it (the requirements of client)

I already tested with prompt=none but didn’t work always get an access token without the payload part

@tyf how i can know If consent has already been granted ??

tyf · August 24, 2022, 9:08pm

Gotcha!

That’s great you were able to get the authorize request working in general - Would you mind sharing a HAR file with me directly wherein you capture this entire flow? I might be able to glean some information from the requests involved.

I’ll be honest in that I am not very familiar with this flow myself, but I’d expect to see a consent prompt.

tyf · September 8, 2022, 9:09pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
IdP-Initiated SSO - Audience is Ignored Help saml , jwt , sso , access-token , samlp	3	4013	March 2, 2018
Access token not a JWT after SAML IDP initiated SSO Help saml , sso , idp-initiated	2	7289	September 10, 2018
SPA + API and IdP initiated SSO Help sso , idp-initiated	2	5328	August 30, 2019
Invalid access token IdP initiated SSO Auth0 (SP) Okta (IdP) Help sso , auth0js , openidconnect , saml2 , idp-initiated	7	7150	December 17, 2018
IdP-Initiated SSO flow question Help saml , sso , idp-initiated	1	3806	March 11, 2020

No payload in access token for idp initiated sso

Related Topics