identities array on the user object under the element for the particular connection. To securely access tokens for a specific user, you need an access token for the Management API that includes the read:user_idp_tokens scope. Then, you can make an HTTP GET call to the Get a User endpoint to retrieve the tokens.
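The lookup described above, as an added example that is not part of the original page: it builds the Get a User request and picks one connection's tokens out of the identities array. The function names, the sample profile and its token values are constructed for illustration, and the comment on the missing-token case is an assumption.

```python
import json
import urllib.parse
import urllib.request

# Constructed sample of a Get a User response (all values are placeholders).
SAMPLE_USER = {
    "user_id": "google-oauth2|1234567890",
    "identities": [
        {"provider": "google-oauth2", "connection": "google-oauth2",
         "user_id": "1234567890", "isSocial": True,
         "access_token": "EXAMPLE-GOOGLE-ACCESS-TOKEN",
         "refresh_token": "EXAMPLE-GOOGLE-REFRESH-TOKEN"},
        {"provider": "github", "connection": "github",
         "user_id": "424242", "isSocial": True,
         "access_token": "EXAMPLE-GITHUB-ACCESS-TOKEN"},
    ],
}


def build_get_user_request(domain, user_id, mgmt_token):
    """Build the GET request for the Get a User endpoint (not sent here)."""
    # user_id contains '|', so it must be percent-encoded in the path.
    url = "https://%s/api/v2/users/%s" % (domain, urllib.parse.quote(user_id, safe=""))
    return urllib.request.Request(url, headers={"Authorization": "Bearer " + mgmt_token})


def idp_tokens(user, connection):
    """Return the IdP tokens stored for one connection in the identities array."""
    matches = [i for i in user.get("identities", []) if i.get("connection") == connection]
    if not matches:
        raise LookupError("user has no identity for connection %r" % connection)
    identity = matches[0]
    if "access_token" not in identity:
        # Assumption: the Management API token may lack read:user_idp_tokens.
        raise PermissionError("no access_token returned for %r" % connection)
    return {"access_token": identity["access_token"],
            "refresh_token": identity.get("refresh_token")}


def fetch_idp_tokens(domain, user_id, mgmt_token, connection):
    """Call the Management API and extract the tokens; keep them out of logs."""
    req = build_get_user_request(domain, user_id, mgmt_token)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return idp_tokens(json.load(resp), connection)
```

Run the extraction on a backend only, and treat the returned dictionary as a secret: do not log it or return it to a browser.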
For admin users of Enterprise connections set up using a consent flow, the identity provider tokens are available in the connection object. To securely access tokens for a connection, you need an access token for the Management API that includes the read:connections scope. Then, you can make an HTTP GET call to the Get a Connection endpoint to retrieve the tokens.
The contents of third-party access tokens vary depending on the issuing identity provider. Because the tokens are created and managed by a third party (such as Facebook or GitHub), their validity period also varies by issuer. If you believe these tokens have been compromised, you must revoke or reset them with the third party that issued them.
Renew third-party tokens
There is no standard way to renew identity provider access tokens through Auth0. The mechanism for renewing identity provider access tokens varies for each provider. For certain identity providers, Auth0 can store a refresh token, which you can use to obtain a new access token for the identity provider. Here is a list of some of the identity providers:
- BitBucket
- Google OAuth 2.0 (pass the parameter access_type=offline, as well as the connection_scope parameter with required scopes, when calling the Auth0 /authorize endpoint)
- Any other OAuth 2.0 identity provider
- SharePoint
- Azure AD