Opaque token example

Can someone please provide me an example of getting back an opaque token. I’ve tried both /oauth/token and /authorize with no luck.

I’ve already referenced the docs but they appear to be a bit anemic. I can successfully get back a JWT token but I need an opaque token to work with our app.


@blackhawk Welcome to the Auth0 Community!

Opaque token is a form of Access token which is provided if you have not added an “Audience” Parameter in the /authorize request. If you add an audience parameter it will provide you a JWT token. Without audience it will be an opaque token.

Let me know if that helps!

1 Like

Thank you for the response…

But what am I missing because if I look at your API doc for /authorize there is no reference to the audience parameter. I get not found if I use the recommended parameters and no value for audience.

If I remove the audience from /oauth/token the request returns access denied. For /oauth/token if I include audience and a value I get a JWT but need an opaque.

Hey @blackhawk, how are you testing these flows?
Usually a quick start would be ideal since it has the flows implemented to work as an authentication as well as authorisation flow. Audience can be configured

1 Like

I’m trying to perform API testing for our application that uses g-suite. I’m looking to get authenticated and then pass the token along as I test. I’m using Postman as a testbed. I’ve seen your tutorials and, as mentioned, have it working w/ JWT, but need opaque. Please let me know if there is more needed.

I have it working. In case this is helpful for anyone else I used the following setup. Next call /userinfo to validate your token.

realm is the name of the DB connection name under ‘connections’
also under your ‘applications’ under advanced enable grant-type of password
under that tenant set a user with Username-Password-Authentication credentials

Request Body
grant_type: “http://auth0.com/oauth/grant-type/password-realm”
client_id: “[CLIENT_ID]”
client_secret: “[CLIENT_SECRET]”
username: “[EMAIL_USERNAME]”
password: “[PASSWORD]”
scope: “openid profile email”

With this I get back an access_token and id_token. I send the access token to the /userinfo and get back user details.
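
An added example (not part of the thread and not Auth0's own code), sketching the setup from the last post in Python: it builds the /oauth/token form without an audience, and checks whether a returned access token is a JWT or opaque before it is sent to /userinfo. The helper names, the tenant domain argument and the `realm` form field (taken from the post's description of realm as the connection name) are assumptions for illustration.

```python
import base64
import json
import urllib.parse
import urllib.request

PASSWORD_REALM = "http://auth0.com/oauth/grant-type/password-realm"

def build_token_form(client_id, client_secret, username, password, realm, audience=None):
    """Form fields for POST /oauth/token, mirroring the request body in the post."""
    form = {
        "grant_type": PASSWORD_REALM,
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,
        "password": password,
        "realm": realm,  # assumed field name; the database connection name
        "scope": "openid profile email",
    }
    if audience:  # per the thread: sending an audience yields a JWT access token
        form["audience"] = audience
    return form

def is_jwt(token):
    """True if token is three dot-separated segments whose first two decode to JSON objects."""
    parts = token.split(".")
    if len(parts) != 3:
        return False
    try:
        for seg in parts[:2]:
            raw = base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))
            if not isinstance(json.loads(raw), dict):
                return False
    except ValueError:  # bad base64, bad UTF-8 and bad JSON all derive from ValueError
        return False
    return True

def fetch_tokens(domain, form):
    """POST the form to https://<domain>/oauth/token and return the parsed JSON response."""
    req = urllib.request.Request(
        f"https://{domain}/oauth/token",
        data=urllib.parse.urlencode(form).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def userinfo_request(domain, access_token):
    """Build the /userinfo request that validates the access token as a Bearer credential."""
    return urllib.request.Request(f"https://{domain}/userinfo",
                                  headers={"Authorization": f"Bearer {access_token}"})
```

Calling `is_jwt(fetch_tokens(domain, form)["access_token"])` against a tenant shows which token kind a given form produces.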