Store both access_token and id_token, not mutually exclusive #1628
Replies: 2 comments
-
I'm with you here on this one. It's been a problem for the past year for me. |
Beta Was this translation helpful? Give feedback.
-
I am facing a similar problem. I would like to use the ID token for Hasura authorization. Also, the authentication process requires access to the Auth0 API, which requires an access token. https://auth0.com/docs/security/tokens If multiple responseTypes are set in I can get ID token by specifying only I want a mechanism that can obtain both an access token for login and an ID token for using the application. |
Beta Was this translation helpful? Give feedback.
-
This is a request as follow up to the closed issue, #366.
I seem to be running into a similar issue using the identity provider support for Cognito User Pools. According to the documentation, /userinfo must send an access_token: https://docs.amazonaws.cn/en_us/cognito/latest/developerguide/cognito-user-pools-oidc-flow.html
However, to authenticate a user with an integrated API Gateway using the Cognito User Pool Authorizer, the id_token must be used: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html
So this is yet another use case where the auth library needs to store both the access_token and the id_token.
Beta Was this translation helpful? Give feedback.
All reactions