Can someone please provide me an example of getting back an opaque token? I’ve tried both /oauth/token and /authorize with no luck.
I’ve already referenced the docs but they appear to be a bit anemic. I can successfully get back a JWT token but I need an opaque token to work with our app.
ty
@blackhawk Welcome to the Auth0 Community!
An opaque token is a form of access token which is provided if you have not added an “audience” parameter in the /authorize request. If you add an audience parameter, it will provide you a JWT token. Without audience, it will be an opaque token.
Let me know if that helps!
Thank you for the response…
But what am I missing because if I look at your API doc for /authorize there is no reference to the audience parameter. I get not found if I use the recommended parameters and no value for audience.
If I remove the audience from /oauth/token the request returns access denied. For /oauth/token if I include audience and a value I get a JWT but need an opaque.
Hey @blackhawk, how are you testing these flows?
Usually a quick start would be ideal since it has the flows implemented to work as an authentication as well as authorisation flow. Audience can be configured
I’m trying to perform API testing for our application that uses g-suite. I’m looking to get authenticated and then pass the token along as I test. I’m using Postman as a testbed. I’ve seen your tutorials and, as mentioned, have it working w/ JWT, but need opaque. Please let me know if there is more needed.
I have it working. In case this is helpful for anyone else I used the following setup. Next call /userinfo to validate your token.
realm is the name of the DB connection under ‘connections’.
Also, under your ‘applications’, under advanced, enable the grant type of password.
Under that tenant, set a user with Username-Password-Authentication credentials.
Request Body
grant_type: “http://auth0.com/oauth/grant-type/password-realm”
client_id: “[CLIENT_ID]”
client_secret: “[CLIENT_SECRET]”
username: “[EMAIL_USERNAME]”
password: “[PASSWORD]”
scope: “openid profile email”
realm: “[DATABASE_CONNECTION_NAME]”
With this I get back an access_token and id_token. I send the access token to /userinfo and get back user details.
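
Added example (not from the thread or from Auth0): the request body posted above, built in Python without an audience key, plus a structural check that tells a JWT-shaped access token from an opaque one before it is passed to /userinfo. The function names are hypothetical and the sample tokens are constructed; no network call is made.

```python
import base64
import json

PASSWORD_REALM_GRANT = "http://auth0.com/oauth/grant-type/password-realm"


def build_token_request(client_id, client_secret, username, password, realm):
    """Body for POST /oauth/token as posted in the thread (no 'audience' key)."""
    return {
        "grant_type": PASSWORD_REALM_GRANT,
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,
        "password": password,
        "scope": "openid profile email",
        "realm": realm,
    }


def _b64url_json(segment):
    """Decode one base64url segment to a JSON object, or return None."""
    try:
        padded = segment + "=" * (-len(segment) % 4)
        obj = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return obj if isinstance(obj, dict) else None


def classify_access_token(token):
    """Return 'jwt' for a JWT-shaped token, else 'opaque' (structure only;
    no signature verification is done here)."""
    parts = token.split(".")
    if len(parts) != 3:
        return "opaque"
    header, payload = _b64url_json(parts[0]), _b64url_json(parts[1])
    if header is None or payload is None or "alg" not in header:
        return "opaque"
    return "jwt"


def _seg(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample values, not real tokens.
SAMPLE_JWT = ".".join([_seg({"alg": "RS256", "typ": "JWT"}), _seg({"sub": "example"}), "c2ln"])
SAMPLE_OPAQUE = "constructed-opaque-value-0001"
```

A token classified as opaque carries no readable claims on the client side, so the /userinfo call described in the post is what confirms it is valid.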