Setup OIDC Server to use with Plaid Core Exchange

I’m working on setting up our application with Plaid’s Core Exchange network (Introduction – Plaid Core Exchange). They mention we can use auth0 to be our OIDC server but I don’t see any docs around this or how to get started.

Can someone help?

Hi @amol

Welcome to the Auth0 Community!

I took a look at Plaid’s Authentication – Plaid Core Exchange document, and it appears you should be able to create an Application within Auth0 to represent Plaid and authenticate that way.

Here’s how to create an app in Auth0:

Thanks Dan!

I’m actually just using our existing Auth0 application that we have setup in Auth0. Our user app is a NextJS app using NestJS as our backend. We use NextAuth and Passport to handle all user validation. I was able to successfully receive an access token from Auth0 through Plaid. However, the access token is invalid and we get a 401 when Plaid sends a request to our app backend. This is because Passport is unable to validate the token.

On the backend, we have setup our NextAuth callbacks as below:

callbacks: {
    async jwt({ token, account }) {
      if (account?.access_token) {
        token.accessToken = account.access_token;

        const me = await axios.get(`${process.env.NEXT_PUBLIC_API_URL}/user`, {
          headers: {
            Authorization: `Bearer ${token.accessToken}`,

        token.user = as SessionUserInterface;

      return token;
    session: ({ session, token }) => {
      const sessionKey = uuid();
      session.accessToken = token.accessToken as string;
      session.sessionKey = sessionKey;

      session.user = token.user as SessionUserInterface;

      return session;
    async signIn({ account }) {
      if (!isProduction) {
        return true;
      if (account?.access_token) {
        const userData = await axios.get(`${process.env.NEXT_PUBLIC_API_URL}/user`, {
          headers: {
            Authorization: `Bearer ${account?.access_token}`,

        const user = as SessionUserInterface;

        if (user.status === StatusEnum.ACTIVE) {
            traits: {
              firstName: user.profile?.firstName,
              lastName: user.profile?.lastName,
              country: user.profile?.countryCode,

      return true;

type or paste code here

Are you able to decode the token and inspect the claims? You can use

Yeah it has an invalid signature and there is no payload

It sounds like you may have an opaque token:

So Plaid needs to hit the /userinfo endpoint with that token?

Or they need to include an audience parameter?

If your app needs a JWT, add an audience param to the request.

that was it! thanks a lot!

1 Like

Perfect! Thanks for following up.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.