Only receiving access token from end point

Hello,

I am following the guide to retrieving the ID, access, and refresh tokens for a Node.js project. I am utilizing the authorization_code flow, where the user logs in via the default Auth0 account login (non-3rd-party login).

When I make the request successfully, I only receive the user's access token, but not the ID token.
I am making the request to the /oauth/token with the authorization code present.

Here is the guide I am following: Call Your API Using the Authorization Code Flow

Here is my server code:

const axios = require('axios');

// Exchange the authorization code for tokens at the /oauth/token endpoint.
const getAuth0Tokens = async (code) => {
    console.log(`code => here ${code}`)
    var options = {
      method: 'POST',
      url: 'https://********.us.auth0.com/oauth/token',
      headers: {'content-type': 'application/x-www-form-urlencoded'},
      data: new URLSearchParams({
          client_id: '*************clientId**********',
          client_secret: '*************clientSecret**********',
          audience: 'https://localhost:3000/login.html',
          grant_type: 'authorization_code',
          redirect_uri: "https://localhost:3000/login.html",
          code: `${code}`
      })
    };

    return await axios.request(options).then(function (response) {
        // Debug output: this writes the raw tokens to the log.
        console.log("data from auth0 token call " + JSON.stringify(response.data));
        // Fields the server did not issue come back as undefined here.
        const {id_token, access_token, refresh_token, token_type, expires_in} = response.data;
        return {id_token, access_token, refresh_token, token_type, expires_in}
    }).catch(function (error) {
      console.error(error);
    });
}

Here is the response:

The request is returning successfully with 200 status response. For more context I am on the free subscription account tier.

Could the error be due to my Auth0 account configuration, or maybe something else?

Hello there @mayyar.alatari, welcome to the community!

Looking at this response, there isn’t any scope(s) defined and therefore only an access token will be returned - In order to receive an ID token you will need to include the openid scope, and in order to receive a refresh token you will need to include the offline_access scope.

Hope this helps!

1 Like
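The scope fix from the reply above, as an added example that is not part of the original thread: in the authorization code flow the scopes go on the `/authorize` redirect, and the token response can then be checked against what was requested. The tenant domain and client ID are placeholders, and `buildAuthorizeUrl` and `checkTokenResponse` are hypothetical helper names.

```javascript
// Added example, not code from the thread. Works as CommonJS or ESM:
// Node 20+ exposes Web Crypto globally, older CommonJS falls back to require().
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Scope -> token the token endpoint adds to its response when that scope was requested.
const SCOPE_TO_TOKEN = { openid: 'id_token', offline_access: 'refresh_token' };

// Build the /authorize URL. Scopes are requested here, in the browser redirect,
// not in the later POST to /oauth/token.
function buildAuthorizeUrl({ domain, clientId, redirectUri, audience, scopes }) {
  const state = webcrypto.randomUUID(); // store per session, compare on callback
  const url = new URL(`https://${domain}/authorize`);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    audience,
    scope: scopes.join(' '),
    state,
  }).toString();
  return { url: url.toString(), state };
}

// Compare the tokens the requested scopes call for with what actually came back.
function checkTokenResponse(requestedScopes, tokenResponse) {
  const findings = [];
  for (const [scope, token] of Object.entries(SCOPE_TO_TOKEN)) {
    const requested = requestedScopes.includes(scope);
    const present = typeof tokenResponse[token] === 'string';
    if (!present && !requested) findings.push(`${token} absent: scope "${scope}" was not requested`);
    if (!present && requested) findings.push(`${token} absent although "${scope}" was requested`);
  }
  return findings;
}

// Constructed sample: the situation in the question (no scopes, access token only).
const noScopes = checkTokenResponse([], { access_token: 'at', token_type: 'Bearer', expires_in: 86400 });

// The corrected authorization request (placeholder tenant and client ID).
const fixed = buildAuthorizeUrl({
  domain: 'YOUR_TENANT.us.auth0.com',
  clientId: 'YOUR_CLIENT_ID',
  redirectUri: 'https://localhost:3000/login.html',
  audience: 'https://localhost:3000/login.html',
  scopes: ['openid', 'offline_access'],
});
console.log(noScopes, fixed.url);
```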
