Opaque Versus JWT Access Token

community September 17, 2019, 7:57pm 1

Overview

This article describes the different formats for access tokens, specifically comparing opaque tokens and JSON Web Tokens (JWTs).

Applies To

Access Token

Solution

Please check out the video and the information below:

An access token will be issued in one of the following formats:

JSON Web Token (JWT): These tokens follow the JWT standard and contain claims (information about an entity). They are self-contained, meaning the recipient does not need to call a server to validate the token. Access Tokens for the Auth0 Management API or custom APIs registered with Auth0 are typically JWTs.
Opaque Token: These tokens are in a proprietary format and act as a reference to information stored on a server. To validate an opaque token and retrieve user information, the recipient must call the server that issued it (for example, using the /userinfo endpoint for tokens issued by Auth0).

To receive an access token in JWT format:

Include an audience parameter in the token request, specifying the intended recipient (e.g., the identifier of a registered custom API) as explained in Get Access Tokens

Related References

4 Likes

Access token is not JWT format

Wrong token upon getTokenSilently()

Easy way to put user role in JWT

Invoking an API from a SPA with getTokenWithPopup/getTokenSilently -- is there a better way to do this?

Can I authenticate a session in a NodeJS serverless function when I'm using Auth0 Passwordless on my front end?

Get jwt access token using react-sdk (getAccessTokenSilently)

Auth0 access token missing returns only opaque

Trying to validate Access token with Auth0 PHP, but I get The JWT string must contain two dots

Audience yes, no, why?

Access token empty on successful login

How to verify a if access token

Angular and .NET 6 integrated

What is your best practice guidance for a Rails API - use an opaque or JWT-based access token?

How to get access token with HMAC algorithm?

How to use opaque token in Flask Backend?

How to get bearer token from auth0 instance? [Javascript]

Auth0 Architecture and setup for React / Spring Boot

Passwordless Flow initiated via API returns "short" token and does not play well on nextjs-auth0

Latest Angular with a .net 5 back end api

Resource Owner Password Flow - Rules are not executed

Validate Bearer access_token from Device Authorization flow

Auth0-php regular web app + API

What does 'JWT must have 3 parts' mean?

Zapier Integration

Understanding RS256 Tokens

Auth0 token not RS256

The JWT string must contain two dots

Broken access_token when calling from .net

Issue with Decoding Access Token when passing from NextJS to Flask

Next.js API Routes RBAC

Converting from ID Token to Access Token in "Single-Page App"

Auth0 JWT Malformed, also token is A256GCM

Expo Implementation. Invalid access_token

Missing a alg header

My api is throwing 401 unauthorized when I log in

Custom Claims added to accessToken not being returned from /userinfo

Access_token too short ~ jwt malformed

ASP Core 7 : Examples on how to consume opaque access tokens in pair with JWT?

Error calling my external API

BadRequestError: failed to decode JWT (TypeError: encrypted JWTs cannot be decoded)

Payload in access token is empty after google sing in by Auth0

JWT token is "invalid signature"?

JWT Missing Payload

Decode JWE's access token

WSAM - KrakenD API

Passwordless Magic Link Missing Payload Section

Next.js invalid token using middleware, which token to use?

Access token giving unauthorized in backend

Confusion on /userinfo vs. /api/v2/users/{id} apis

Setup OIDC Server to use with Plaid Core Exchange

Access token payload is empty. i want the user permissions and roles to show in payload fields

Auth Token via Postman has no payload

Verifying token in Azure API Management (APIM)

JWT and JWE tokens

Why is my access token an invalid format?

Authorizacion Code Flow React in React with Spring Boot Backend

JWT Validation Fails with "Invalid number of parts: Expected 3 parts; got 5" Error Message

Error while validating the JWT token. Reason: invalid signature

Receiving JWE token instead of JWT in Next.js app session

Post Login Action - Claims Missing in JWT

Triggers->postLogin->exports.onExecutePostLogin | Not reflect custom data | Not working

Unable to access api endpoints with access token from mobile app

Invalid Payload String Error When Trying to Decode an Access Token

Receiving JWT access token with one auth0 account, non-JWT token with other. Same code

Identity token does not include scopes when using authorization code flow

Auth0-angular access tokens are not JWTs

Authentication with SPA and API

Access_token or id_token

Auth0.js V9 returns invalid token altrough user info are parsed correctly

Make Request to Auth0 api from react native app

How can I test and debug access tokens / ID tokens?

Google cloud functions - auth0

Easy way to put user role in JWT

Custom Claims not being added for expo requests

Failed Silent auth (Chrome v80)

React Native passwordless without WebAuth

September Community News 2019

Topic		Replies	Views
Get jwt access token using react-sdk (getAccessTokenSilently) Get Help jwt , auth0 , access-token , react-sdk	2	6784	March 10, 2021
How to get bearer token from auth0 instance? [Javascript] Get Help jwt , auth0 , login	2	3779	May 25, 2021
How to verify a if access token Get Help access-token	2	6676	October 2, 2019
Auth0-angular access tokens are not JWTs Get Help	2	3957	November 24, 2020
How to use opaque token in Flask Backend? Get Help angular , auth0 , flask	2	3712	June 3, 2021

Opaque Versus JWT Access Token

Overview

Applies To

Solution

Related References

Related topics