@sandeep_varma I am not familiar with Auth0 all that much but I would like to better understand the issue you are facing.
Can you give us some more information on exactly what you are doing? What I am most interested in is the call to Auth0 to get the JWT. I am trying to figure the issue out myself but as mentioned, not familiar with Auth0 and how they create JWT’s
I am using postman to generate AuthO token. I am using Oauth 2.0 to generate that when i click on Get new access token and enter all required information it is generating both Access token and Id_token where in my case Id_token id JWT token. i want to copy that to my authorization but i am not able to do that every time it is copying Access token. it would be helpful for me some how i can copy id_token
@sandeep_varma I think I understand what you are trying to do.
Can you provide me a sample of the response body from this Auth call? Just remove or edit the data, I only really need to schema of whats returned.
@tmccann, I think Sandeep and I are attempting a similar workflow.
When you set up postman to get an Oauth 2 access token you can pretty easily set it up so that it will request an access token from Auth0. It’s a very common workflow with a JWT setup to specify the scope as “openid email profile” as in my screenshot below so that you get a JWT back.
When you do this, in the second screenshot you can see that postman has a field for “Access Token” and another for “id_token”. The “id_token” is the JWT, which is great, and seems very close to what we need. However, there doesn’t appear to be any way to use the “id_token” in the Authorization header rather than the “Access Token” that it uses by default. I don’t think this issue is specific to Auth0, but AWS Cognito and pretty much any service using Oauth 2 with JWTs will have a similar implementation.
I would like this capability as well. I can copy the value of the id_token from the manage access tokens modal and paste it into the token text field and Postman does send that as the Bearer token so it works but isn’t as convenient as having an option to configure PM to use id_token or to take an alternative action in place of “Use Token” to use id_token instead of the access token.
Postman team could add an option to select what token we want to provide on Bearer on our api calls, in this case having possibility to select the id_token instead of access token.
As I see, there is no progress on this topic for the last year and I can’t see any intention from the team to add the feature. Is there anything blocking from doing it or requires some additional research?
I would like to help as much as possible because it seems to be a simple and very powerful feature out of the box…
Could it be that it is just a paid feature, so the Postman team does not add it?
Auth0 authentication needs the audience, but Postman doesn’t allow us to specify this parameter. In this case we need to set the default audience in the Auth0 account. After changing this parameter you will receive the right token