⚠️ LEGACY ENDPOINT - This endpoint is part of the legacy authentication pipeline and is deprecated.
Status: Disabled by default for new tenants as of June 8, 2017.
Migration: Use browser-based social authentication instead, which is what Google and Facebook recommend. Use the standard /authorize endpoint with a social connection.
Given the social provider’s access token and the connection, this endpoint authenticates the user with the provider and returns a JSON object containing the access token and, optionally, an ID token. It only works for Facebook, Google, Twitter, and Weibo.
The access token received from the authorization server in the OAuth 2.0 flow.
Successful authentication
Successful token response containing access token and optionally ID token and refresh token
The access token issued by the authorization server. Use this token to access protected resources (APIs).
"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjEyMzQ1In0..."
The type of the token issued. Always 'Bearer' for Auth0.
"Bearer"
The lifetime in seconds of the access token. After this time, the token will expire and can no longer be used.
86400
The refresh token which can be used to obtain new access tokens. Only returned if 'offline_access' scope was requested.
"v1.MRHbz1VqR_y42v..."
The ID Token containing user profile information. Only returned if 'openid' scope was requested. This is a JWT containing user claims.
"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..."
The scopes granted by the authorization server. May differ from requested scopes.
"openid profile email"
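As an added example (not part of the original reference and not Auth0's own code), this is a client-side check of the token response described above, covering the token type, the lifetime, and the note that granted scopes may differ from requested ones. The JSON field names (`access_token`, `token_type`, `expires_in`, `refresh_token`, `id_token`, `scope`) are the standard OAuth 2.0 names and are an assumption here, since the page gives only the field descriptions; the sample response is constructed.

```python
import time

# Constructed sample response; token strings are placeholders, not real tokens.
SAMPLE_RESPONSE = {
    "access_token": "constructed-access-token",
    "token_type": "Bearer",
    "expires_in": 86400,
    "id_token": "constructed.id.token",
    "scope": "openid profile email",
}

def check_token_response(resp, requested_scope, now=None):
    """Validate a token response before storing or using the tokens.

    Field names are the standard OAuth 2.0 ones (an assumption; the page
    gives descriptions only). Raises ValueError on a malformed response.
    """
    now = time.time() if now is None else now
    token = resp.get("access_token")
    if not isinstance(token, str) or not token:
        raise ValueError("missing access_token")
    if str(resp.get("token_type", "")).lower() != "bearer":
        raise ValueError("token_type is not Bearer")
    ttl = resp.get("expires_in")
    if isinstance(ttl, bool) or not isinstance(ttl, int) or ttl <= 0:
        raise ValueError("invalid expires_in")

    requested = set(requested_scope.split())
    # Granted scopes may differ from requested ones; if the field is absent,
    # OAuth 2.0 treats the grant as identical to the request.
    granted = set(resp["scope"].split()) if "scope" in resp else set(requested)

    # Tokens that should only appear when their scope was requested.
    anomalies = []
    if "refresh_token" in resp and "offline_access" not in requested:
        anomalies.append("refresh_token returned without offline_access")
    if "id_token" in resp and "openid" not in requested:
        anomalies.append("id_token returned without openid")

    return {
        "expires_at": now + ttl,
        "missing": requested - granted,      # asked for, not granted
        "unrequested": granted - requested,  # granted, never asked for
        "anomalies": anomalies,
    }
```

A non-empty `unrequested` set or `anomalies` list means the client holds more authority than it asked for and should be logged rather than silently accepted.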