Support organization parameter in Refresh Token and Password flow

Feature: Add support for organization parameter in Refresh Token and Password flow.

Description: Authorization Code currently supports the organization parameter, Authenticate a user through an organization. It is not only that org_id claim is being added to the token, but also the information about the organization is added to the rule/action context. However, this is not the case for Refresh Token and Password flow, where the parameter is being ignored.

Use-case: Currently, we have to make a separate request to Organizations API, which is a part of Management API, in order to get organization information in our custom rules, when we handle authentication in Refresh Token and Password Flow. Having organization info pre-populated in the context (it is how it works now with Authorization Code) is very convenient, because it allows us avoiding hitting Management API rate limits and besides improves performance of the authentication process.

I would like to add an important detail here. Refresh Token flow indeed sets the org_id claim, if the refresh token itself has previously been obtained with the organization parameter. However, in our case, we would like the parameter to be supported in the refresh token request, so that an Organization could be selected, even though it has not been selected on the initial authentication.

Hey @serp thanks for the feedback :smile:

Our product team monitors these requests for community engagement so let’s hope this gets some upvotes from other members! :chart_with_upwards_trend:

1 Like

Feature: Endpoint similar to get token with “Resource Owner Password” api authentication endpoint but with ORG_ID included.

Description: Call to the API Authentication of Auth0. When token is received get the org_id inside it. Pass the organization_name or org_id in the headers.

Use-case: In my case I have a native app that use internal login, I would like to do my login and use organizations and users with auth0, I can´t use universal login or any kind of login with auth0. I need to use my own form.

1 Like

Hey there @dlago! You’re correct in that as is, you can only authenticate a user through an organization via a call to /authorize. Let’s hope this gets some traction with other community members, thanks for the feedback!


Hi all, I merged these topics/votes as they are similar. Thanks!