nbarbettini
commented
2 years ago @mraible Can you add an example of a conforming request? I believe this is a custom parameter (not in the OIDC Core spec) that Auth0 uses, is that correct?
Open mraible opened 2 years ago
nbarbettini
commented
2 years ago @mraible Can you add an example of a conforming request? I believe this is a custom parameter (not in the OIDC Core spec) that Auth0 uses, is that correct?
mraible
commented
2 years ago I'm able to get an access token using OIDC Debugger. However, it's not a JWT. It's just an opaque string. Auth0's API does have a "Test" tab you can use to get tokens.
Once you create a test application, it shows you a cURL command you can use:
Here it is with replacements for the client ID and client secret:
curl --request POST \
--url https://dev-06bzs1cu.us.auth0.com/oauth/token \
--header 'content-type: application/json' \
--data '{"client_id":"xxx","client_secret":"yyy,"audience":"https://dev-06bzs1cu.us.auth0.com/api/v2/","grant_type":"client_credentials"}'
If added, this site can be used to obtain a JWT-based access token from Auth0. Without it, you get an opaque token.
https://community.auth0.com/t/spring-boot-jwe-not-configured/80106