
Support access tokens in JWT format

Open leplatrem opened this issue 8 years ago • 0 comments

According to this: https://auth0.com/docs/tokens/access-token#access-token-format

  • If the audience is set to YOUR_AUTH0_DOMAIN/userinfo, then the access token will be an opaque string.
  • If the audience is set to the unique identifier of a custom API, then the access token will be a JSON Web Token (JWT).

When the audience is set to a custom API and the scope parameter includes the openid value, then the generated access token will be a JWT valid for both retrieving the user's profile and for accessing the custom API. The audience parameter of this JWT will include two values: YOUR_AUTH0_DOMAIN/userinfo and your custom API's unique identifier.

Currently, in Doorman's codebase and documentation, we have only considered opaque-string access tokens and JWT ID tokens. We should consider JWT access tokens too.

leplatrem, Jan 31 '18 10:01
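The two access-token shapes described in the issue, as an added Go example that is not part of the issue or of Doorman's code: it tells an opaque string from a JWT-shaped token and reads an `aud` claim that may be a single string or an array. The names `Audience`, `Classify` and `Sample` are hypothetical, and the domains and tokens are constructed sample values.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Audience holds the "aud" claim, which may be one string or an array of strings.
type Audience []string

func (a *Audience) UnmarshalJSON(b []byte) error {
	var one string
	if json.Unmarshal(b, &one) == nil && one != "" {
		*a = Audience{one}
		return nil
	}
	return json.Unmarshal(b, (*[]string)(a))
}

// Classify only inspects the token's shape: three dot-separated segments whose
// middle one is base64url-encoded JSON. It does not verify the signature, so it
// selects a validation path and is never an authorization decision by itself.
func Classify(token string) (isJWT bool, aud Audience) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return false, nil // opaque string
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	var claims struct{ Aud Audience `json:"aud"` }
	if err != nil || json.Unmarshal(payload, &claims) != nil {
		return false, nil
	}
	return true, claims.Aud
}

// Sample builds a constructed, unsigned token (placeholder signature segment).
func Sample(payload string) string {
	enc := base64.RawURLEncoding.EncodeToString
	return enc([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + enc([]byte(payload)) + ".c2ln"
}

func main() {
	fmt.Println(Classify(Sample(`{"aud":["https://example.auth0.com/userinfo","https://api.example.test"]}`)))
	fmt.Println(Classify("8ZbNQ-constructed-opaque-token"))
}
```

A token classified as a JWT still needs signature, issuer, expiry and audience checks against the expected API identifier before any claim in it is trusted.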