Get ID Tokens

To get an ID token, you need to request them when authenticating users. Auth0 makes it easy for your app to authenticate users using:

Control ID token contents

You control which claims about the authenticated user are included in the ID token consumed by your application by including specific OpenID Connect Scopes in the scope parameter when you request tokens while authenticating users.

You can also create custom claims, which are claims that you define, control, and add to a token using a rule. As with other JWTs, you should validate an ID token before assuming that its contents can be trusted.

Renew ID tokens

By default, an ID token is valid for 36000 seconds (10 hours). If there are security concerns, you can shorten the time period before the token expires, but remember that one of the purposes of this token is to improve performance by caching user information.

After an ID token has expired, you may want to renew your ID token. To renew the ID token, you can either re-authenticate the user using Auth0, or use a refresh token.

Learn more