Token Vault
Token Vault enables your applications to securely access third-party APIs on the user's behalf. There is no need to manage refresh tokens or build custom integrations per provider—Auth0 handles it all for you. You gain access to a wide range of external providers’ APIs and services, all through a single Auth0 integration.
When a user authenticates with a supported identity provider and uses OAuth scopes to authorize access, Auth0 stores the refresh and access tokens for that connection, otherwise known as a federated connection, in the Token Vault. Token Vault organizes federated access and refresh tokens into tokensets, with one tokenset per authorized connection.
You can then call downstream APIs using these stored credentials via Auth0 to get a user’s Google Calendar events, access GitHub repos, create a Microsoft Word document, and more.
For Early Access, Token Vault supports the following social and enterprise identity providers:
Google
Microsoft
Box
Slack
GitHub
OpenID Connect
Custom connection
How it works
When a user authenticates with a supported identity provider and authorizes the federated connection:
Auth0 uses OAuth scopes to control access—users explicitly approve requested permissions.
Auth0 securely stores federated access and refresh tokens in the Token Vault.
The application links user accounts with the user's consent. As a result, the user won’t have to create separate accounts for each identity provider.
Your application calls Auth0 to exchange a valid Auth0 refresh token for an access token from a federated connection, which it then uses to call third-party APIs on the user’s behalf. Your application can perform this exchange multiple times. Auth0 manages refreshing the access tokens of federated connections stored in the Token Vault.
Token Vault allows for seamless federated identity and simplifies integration across multiple providers via a single Auth0 interface.
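The exchange in the last step above, sketched as an added example (not Auth0's own code or SDK): a client that posts the Auth0 refresh token to the tenant's /oauth/token endpoint, fails closed on an error reply, and holds only the short-lived federated access token in memory. The grant-type and token-type values and the names FederatedTokenClient, post_json and user_key are assumptions for illustration; confirm the request parameters against Access Token Vault Flow.

```python
import json
import time
import urllib.request

# Assumed parameter values, recalled from Auth0's token-exchange documentation;
# confirm them against "Access Token Vault Flow" before relying on them.
GRANT_TYPE = "urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token"
SUBJECT_TYPE = "urn:ietf:params:oauth:token-type:refresh_token"
REQUESTED_TYPE = "http://auth0.com/oauth/token-type/federated-connection-access-token"


def post_json(url, body):
    """Default transport: POST JSON over HTTPS and return the decoded reply."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class FederatedTokenClient:
    """Exchanges an Auth0 refresh token for a connection's access token."""

    def __init__(self, domain, client_id, client_secret,
                 transport=post_json, clock=time.time, skew=30):
        self.url = f"https://{domain}/oauth/token"
        self.client_id, self.client_secret = client_id, client_secret
        self.transport, self.clock, self.skew = transport, clock, skew
        self._cache = {}  # (user key, connection) -> (access token, expiry)

    def access_token(self, user_key, auth0_refresh_token, connection):
        hit = self._cache.get((user_key, connection))
        if hit and hit[1] - self.skew > self.clock():
            return hit[0]  # still valid: reuse it and skip the round trip
        reply = self.transport(self.url, {
            "client_id": self.client_id, "client_secret": self.client_secret,
            "grant_type": GRANT_TYPE, "subject_token": auth0_refresh_token,
            "subject_token_type": SUBJECT_TYPE,
            "requested_token_type": REQUESTED_TYPE, "connection": connection})
        token, ttl = reply.get("access_token"), reply.get("expires_in")
        if not isinstance(token, str) or not isinstance(ttl, int) or ttl <= 0:
            # Fail closed and report only the error code, never token material.
            raise RuntimeError(f"token exchange failed: {reply.get('error', 'malformed reply')}")
        self._cache[(user_key, connection)] = (token, self.clock() + ttl)
        return token
```

The transport and clock are injectable so the exchange logic can be exercised without network access; the application never receives or stores the provider's refresh token, which stays in the Token Vault.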
Common use cases
Learn about some common Token Vault use cases:
A user downloads a productivity app that integrates with Auth0 and connects their Google and Microsoft user accounts. With user account linking, they can log into the productivity app using a single set of credentials managed by Auth0.
An AI agent integrated into an application calls third-party APIs to perform tasks on the user’s behalf, such as scheduling a meeting in Google Calendar.
Get started
To get started with Token Vault, read the following:
| Read… | To learn… |
|---|---|
| Configure Token Vault | How to configure the Token Vault. |
| Access Token Vault Flow | How an application accesses the Token Vault to get an access token to call third-party APIs. |