The docs say (https://auth0.com/docs/api-auth/tutorials/verify-access-token):
“If the Access Token you got from Auth0 is not a JWT but an opaque string (like kPoPMRYrCEoYO6s5), this means that your implementation follows our legacy pipeline. For info on how to use the latest and more secure pipeline, see our OIDC Conformant Authentication Adoption Guide.”
However, I have enabled “OIDC Conformant” in the advanced settings of my app and still I seem to get an opaque string as access token (the id token comes as JWT).
What do I have to do to get the access token as a JWT? I would like to be fully OIDC conformant.
PS: This is part of the code I use to do the authentication:
// auth0.js WebAuth client. "auth0" is the library namespace, so the instance
// is kept under its own name rather than overwriting that namespace.
const webAuth = new auth0.WebAuth({
  clientID: 'redacted xxxxxxxx',
  domain: 'redacted.auth0.com',
  responseType: 'token id_token', // implicit flow: access token and ID token returned in the URL fragment
  redirectUri: this.prod ? 'https://predacted.de/home' : 'https://localhost:xxxxx/home',
  scope: 'openid email profile',
  prompt: 'login' // enforces the login window
});
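Added example (editor's code, not from the post or from Auth0): a small Node.js check that tells a JWT access token from an opaque one by structure and decodes the header and payload so you can see what the token you received actually is. It deliberately does not verify the signature. The sample tokens are constructed inline; the JWT sample carries a placeholder signature, and the issuer, subject and audience values in it are placeholders, not values from any real tenant.

```javascript
// Added example (not from the post or from Auth0): tell a JWT access token
// from an opaque one by structure, and decode the claims for inspection.
// NOTE: this does NOT verify the signature. It shows what the token claims,
// not whether it is genuine; authorization decisions need real verification
// against the tenant's JWKS (e.g. with the jose or jsonwebtoken packages).

function base64UrlEncode(text) {
  return Buffer.from(text, 'utf8')
    .toString('base64')
    .replace(/\+/g, '-')
    .replace(/\//g, '_')
    .replace(/=+$/, '');
}

function base64UrlDecode(segment) {
  // JWS segments are base64url without '=' padding (RFC 7515 section 2)
  const padded = segment + '='.repeat((4 - (segment.length % 4)) % 4);
  return Buffer.from(padded.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8');
}

function inspectToken(token) {
  const parts = token.split('.');
  if (parts.length !== 3) {
    return { kind: 'opaque', reason: `expected 3 dot-separated segments, got ${parts.length}` };
  }
  let header;
  let payload;
  try {
    header = JSON.parse(base64UrlDecode(parts[0]));
    payload = JSON.parse(base64UrlDecode(parts[1]));
  } catch (err) {
    return { kind: 'opaque', reason: 'segments are not base64url-encoded JSON' };
  }
  if (!header || typeof header !== 'object' || typeof header.alg !== 'string') {
    return { kind: 'opaque', reason: 'header carries no "alg" member' };
  }
  // exp is seconds since the epoch; Date.now() is milliseconds
  const expired = typeof payload.exp === 'number' ? payload.exp * 1000 < Date.now() : undefined;
  return { kind: 'jwt', alg: header.alg, iss: payload.iss, aud: payload.aud, exp: payload.exp, expired, payload };
}

// Constructed samples. The JWT has a placeholder signature and placeholder
// issuer/subject/audience values; nothing here came from a real Auth0 tenant.
const SAMPLE_JWT = [
  base64UrlEncode(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid: 'example-kid' })),
  base64UrlEncode(JSON.stringify({
    iss: 'https://redacted.auth0.com/',
    sub: 'auth0|1234567890',
    aud: ['https://api.example.com', 'https://redacted.auth0.com/userinfo'],
    iat: 1500000000,
    exp: 1500007200,
    scope: 'openid email profile',
  })),
  'placeholder-signature',
].join('.');

const SAMPLE_OPAQUE = 'kPoPMRYrCEoYO6s5'; // the shape quoted from the Auth0 docs above

if (typeof require !== 'undefined' && require.main === module) {
  for (const t of [SAMPLE_JWT, SAMPLE_OPAQUE]) {
    console.log(JSON.stringify(inspectToken(t), null, 2));
  }
}
```

Run it with `node` and paste your own access token in place of the samples. The useful part of the output is the decoded `aud`: a JWT access token from Auth0 names the API it was issued for, which the client asks for through the `audience` option of `WebAuth`; when no API audience is requested, the token is intended only for the `/userinfo` endpoint. Treat the decoded claims as a diagnostic only, since nothing here checks the signature, issuer or expiry against the tenant.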