Auth0 Home Blog Docs

Social Auth Custom Login Page



I have a custom login page setup due to requirements for the Angular 4 front-end I am working on. Database Auth is working as expected however the social auth is not. For my social Auth I am using the auth0.js SKD and doing a webAuth.authorize({ connection: ‘google-oauth2’ });

The issue is that it doesn’t return as expected, it sets a key and value in localStorage but I don’t get anything back to retrieve the access token. Am I missing something here, how do I get my accessToken from the Oauth providers requests? This isn’t really explained in the docs from what I see, unless I missed it.


There are two “access_tokens” that can be retrieved for social connections;

  1. The Auth0 access_token in order to call your API (registered as an API in Auth0), or
  2. The social identity provider’s access_token (E.g. Google access_token), in order to call Google’s APIs on behalf of the user.

For situation 1, you will need to provide the relevant audience parameter in the auth request. This is outlined further in the Auth0.js docs.

For situation 2, you will need to make a call to the Management API in order to obtain the access_token for the third party idP.

Identity Provider (IdP) access tokens
can be obtained after the user has
authenticated with the IdP by making
an HTTP GET call to the
/api/v2/user/{user-id} endpoint
containing an Auth0 API token
generated with read:user_idp_tokens
scope. The access_token for the IdP
will be available in the identities
array, under the element for the
particular connection.

Taken from:


The Auth0 access_token is the one I am looking for. I guess my question would be how do I retrieve the token? For example with webAuth.client.login() method I can pass a callback to get the authorization results but I don’t get any output with when doing the webAuth.authorize({ connection: ‘google-oauth2’}). I am already providing an audience of, am I using the wrong one by chance.


Figured it out, it’s easy to miss that it is returned in the url. It’s just a quick flash when it calls back.