Using ID Token
The ID Token Auth flow (JWT Bearer Grant Type) enables OAuth 2.0 clients to obtain access tokens by presenting a signed JWT to the authorization server.
This method is particularly useful for server-to-server communication, where user interaction is not feasible.
Prerequisite
- Set up and register your IdP for ID tokens using the tutorials in Setting up IdP for ID Token and Register your IdP.
1. Get your ID token
Send the following request by replacing yourAuth0Domain, username, password, yourApiIdentifier, yourClientId and yourClientSecret to get the id_token. Refer to Setting up IdP for ID token to get your API identifier.
curl --request POST \
--url 'https://{yourAuth0Domain.us.auth0.com}/oauth/token' \
--header 'content-type: application/x-www-form-urlencoded' \
--data grant_type=password \
--data 'username={username}' \
--data 'password={password}' \
--data 'audience={yourApiIdentifier}' \
--data scope=openid \
--data 'client_id={yourClientId}' \
--data 'client_secret={yourClientSecret}'
Upon a successful request, you'll receive an HTTP 200 response with a payload containing access_token, refresh_token, id_token, token_type, and expires_in values:
{
  "access_token": "eyJz93a...k4laUWw",
  "refresh_token": "GEbRxBN...edjnXbL",
  "id_token": "eyJ0XAi...4faeEoQ",
  "token_type": "Bearer",
  "expires_in": 36000
}

2. Call your API
Send the following request to your API to get a response with an access token that can be used in the GraphQL playground to run queries.
curl -X POST https://ims-emhxdwz401.erp.dev/oauth2/token \
  -F grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer \
  -F assertion={id_token}

{
  "access_token": "0wxc8b...DQxfFtx",
  "refresh_token": "khScdBQ...p6OmDoY",
  "expires_in": 86400
}

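An added example, not part of the original documentation: a shell pre-flight check that extracts the id_token from the step 1 response, decodes its payload and confirms it has not expired before it is sent as the assertion in step 2. The function names, the sample issuer and audience, and the sample token are constructed for illustration; the token endpoint is passed in as an argument.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks on the step-1 id_token before it is sent
# as `assertion`. No signature check here; the authorization server does that.

json_field() {  # $1 = JSON text, $2 = string field name (no jq dependency)
  printf '%s' "$1" | tr -d '\n' |
    sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p"
}

jwt_payload() {  # decode the second JWT segment: base64url -> JSON
  local seg
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  while [ $(( ${#seg} % 4 )) -ne 0 ]; do seg="$seg="; done  # restore padding
  printf '%s' "$seg" | base64 -d
}

jwt_num_claim() {  # $1 = payload JSON, $2 = numeric claim such as exp
  printf '%s' "$1" |
    sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p"
}

# Succeeds only if the token has three segments and exp is in the future.
id_token_usable() {  # $1 = JWT, $2 = "now" in epoch seconds (default: clock)
  local now=${2:-$(date +%s)} exp
  [ "$(printf '%s' "$1" | tr -cd '.' | wc -c)" -eq 2 ] || return 1
  exp=$(jwt_num_claim "$(jwt_payload "$1" 2>/dev/null)" exp)
  [ -n "$exp" ] && [ "$exp" -gt "$now" ]
}

# Step 2 from the page as a function (network call; not invoked below).
exchange_id_token() {  # $1 = token endpoint URL, $2 = id_token
  curl -sS -X POST "$1" \
    -F grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer \
    -F "assertion=$2"
}

# Constructed sample data: placeholder issuer and audience, dummy signature.
b64url() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }
SAMPLE_JWT="$(b64url '{"alg":"RS256","typ":"JWT"}').$(b64url '{"iss":"https://idp.example/","aud":"example-client","exp":2000000000}').c2ln"
SAMPLE_RESPONSE="{\"access_token\":\"constructed\",\"id_token\":\"$SAMPLE_JWT\",\"expires_in\":36000}"

ID_TOKEN=$(json_field "$SAMPLE_RESPONSE" id_token)
if id_token_usable "$ID_TOKEN"; then
  echo "id_token accepted locally; pass it to exchange_id_token"
else
  echo "id_token missing, malformed or expired; repeat step 1" >&2
fi
```

A token that fails this check would be rejected by the token endpoint anyway; catching it locally avoids sending a stale credential over the network and makes the failure reason explicit.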