I am using the Authorization Code Flow for my application with Auth0 Organizations, where the login flow is set for Business Users > Prompt for Credentials.
I am hitting the /authorize endpoint correctly with scope=openid offline_access. When I test with a user who is only part of one organization, the organization picker does not show up, which is expected. When I hit the oauth/token endpoint with the resulting authorization code, I correctly get an id_token in the response.
However, when I test with a user who is part of multiple organizations, and I pick one via the organization picker, I suddenly lose the id_token in the response. The access_token I get does indicate that org_id is set correctly though, so I know that the user has been authenticated successfully through the selected organization.
Why am I not getting an id_token with a user who is part of multiple organizations? Is there some additional configuration that I am missing? Any help appreciated, thanks.