Get an ID Token
- Quickstarts: The easiest way to implement authentication, which can show you how to use dfn data-key="universal-login">Universal Login, the Lock widget, and Auth0's language and framework-specific SDKs. Our Lock documentation and Auth0.js documentation both provide specifics about retrieving an ID Token after authentication.
- Authentication API: If you prefer to roll your own, you can call our API directly. First, you need to know which flow to use before following the appropriate flow tutorial.
Control ID Token Contents
You control which claims about the authenticated user are included in the ID Token consumed by your application by including specific OpenID Connect Scopes in the
scope parameter when you request tokens while authenticating users.
Renew an ID Token
By default, an ID Token is valid for 36000 seconds (10 hours). If there are security concerns, you can shorten the time period before the token expires, but remember that one of the purposes of this token is to improve performance by caching user information.
After an ID Token has expired, you may want to renew your ID Token. To renew the ID Token, you can either reauthenticate the user using Auth0, or use a Refresh Token.