diff --git a/EXAMPLES.md b/EXAMPLES.md index 05789483..ea7ce100 100644 --- a/EXAMPLES.md +++ b/EXAMPLES.md @@ -193,6 +193,15 @@ export async function middleware(request: NextRequest) { > [!IMPORTANT] > The `request` object must be passed as a parameter to the `getSession(request)` method when called from a middleware to ensure that any updates to the session can be read within the same request. +## Accessing the idToken +`idToken` can be accessed from the session in the following way: + +```js +const session = await auth0.getSession(); +const idToken = session.tokenSet.idToken; +``` + + ## Updating the session The `updateSession` method could be used to update the session of the currently authenticated user in the App Router, Pages Router, and middleware. If the user does not have a session, an error will be thrown. diff --git a/src/server/auth-client.test.ts b/src/server/auth-client.test.ts index 83997a96..dc6fd43c 100644 --- a/src/server/auth-client.test.ts +++ b/src/server/auth-client.test.ts @@ -2182,6 +2182,7 @@ ca/T0LLtgmbMmxSv/MmzIg== tokenSet: { accessToken: DEFAULT.accessToken, refreshToken: DEFAULT.refreshToken, + idToken: expect.stringMatching(/^eyJhbGciOiJSUzI1NiJ9\..+\..+$/), expiresAt: expect.any(Number) }, internal: { @@ -2289,6 +2290,7 @@ ca/T0LLtgmbMmxSv/MmzIg== }, tokenSet: { accessToken: DEFAULT.accessToken, + idToken: expect.any(String), refreshToken: DEFAULT.refreshToken, expiresAt: expect.any(Number) }, @@ -2633,6 +2635,7 @@ ca/T0LLtgmbMmxSv/MmzIg== tokenSet: { accessToken: DEFAULT.accessToken, refreshToken: DEFAULT.refreshToken, + idToken: expect.any(String), expiresAt: expect.any(Number) }, internal: { @@ -3026,6 +3029,7 @@ ca/T0LLtgmbMmxSv/MmzIg== tokenSet: { accessToken: DEFAULT.accessToken, refreshToken: DEFAULT.refreshToken, + idToken: expect.any(String), expiresAt: expect.any(Number) }, internal: { 
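Review bot: The `idToken` assertions added to `src/server/auth-client.test.ts` are too loose to catch the wrong token being stored. The regex in the `@@ -2182` hunk only pins the `{"alg":"RS256"}` header segment, and the hunks at `@@ -2289`, `@@ -2633`, `@@ -3026`, `@@ -3120` and `@@ -3249` accept any string through `expect.any(String)`. Where the fixture's issued ID token is in scope, assert equality with it instead of a pattern. None of the visible hunks covers a token response that has no `id_token`, so a case pinning the resulting `tokenSet.idToken` would be worth adding.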
@@ -3120,6 +3124,7 @@ ca/T0LLtgmbMmxSv/MmzIg== tokenSet: { accessToken: DEFAULT.accessToken, refreshToken: DEFAULT.refreshToken, + idToken: expect.any(String), expiresAt: expect.any(Number) }, internal: { @@ -3249,6 +3254,7 @@ ca/T0LLtgmbMmxSv/MmzIg== tokenSet: { accessToken: DEFAULT.accessToken, refreshToken: DEFAULT.refreshToken, + idToken: expect.any(String), expiresAt: expect.any(Number) }, internal: { diff --git a/src/server/auth-client.ts b/src/server/auth-client.ts index a30900c3..05d1b67c 100644 --- a/src/server/auth-client.ts +++ b/src/server/auth-client.ts @@ -490,6 +490,7 @@ export class AuthClient { user: idTokenClaims, tokenSet: { accessToken: oidcRes.access_token, + idToken: oidcRes.id_token, scope: oidcRes.scope, refreshToken: oidcRes.refresh_token, expiresAt: Math.floor(Date.now() / 1000) + Number(oidcRes.expires_in) @@ -565,7 +566,6 @@ export class AuthClient { } ); } - const res = NextResponse.json({ token: updatedTokenSet.accessToken, scope: updatedTokenSet.scope, @@ -684,6 +684,7 @@ export class AuthClient { const updatedTokenSet = { ...tokenSet, // contains the existing `iat` claim to maintain the session lifetime accessToken: oauthRes.access_token, + idToken: oauthRes.id_token, expiresAt: accessTokenExpiresAt }; diff --git a/src/types/index.ts b/src/types/index.ts index fd6d5e87..fddb60b5 100644 --- a/src/types/index.ts +++ b/src/types/index.ts @@ -1,5 +1,6 @@ export interface TokenSet { accessToken: string; + idToken?: string; scope?: string; refreshToken?: string; expiresAt: number; // the time at which the access token expires in seconds since epoch
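Review bot: In the `@@ -490` hunk of `src/server/auth-client.ts`, `idToken: oidcRes.id_token` stores the raw signed token in the same session object that already carries its decoded claims as `user: idTokenClaims`. That roughly doubles the claim payload per session, and if the session is serialised into a cookie (not visible in this hunk) large ID tokens could push it towards browser size limits. The raw token is also a bearer-style credential containing user claims, so a comment at the assignment would help, e.g. `// raw ID token (JWT); treat as sensitive: do not log or pass to client components`. The enclosing method starts and ends outside the hunk.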
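Review bot: In the `@@ -684` hunk, `idToken: oauthRes.id_token` comes after the `...tokenSet` spread, so a refresh response without an `id_token` overwrites the stored token with `undefined`. OpenID Connect allows the token endpoint to omit the ID token from a refresh response, so this path is reachable with a conforming provider. Falling back to the previous value keeps the field stable: `idToken: oauthRes.id_token ?? tokenSet.idToken`. The retained token may be past its own `exp`, so callers should not treat its presence as proof of freshness. The enclosing method continues outside the hunk, so whether `user` is refreshed from a newly returned ID token cannot be confirmed here.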
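Review bot: The new `idToken?: string;` field in `src/types/index.ts` has no comment, while `expiresAt` just below it is documented as the access token's expiry, so a reader could assume that timestamp also bounds the ID token. Suggest `idToken?: string; // raw ID token (JWT) from the authorization server; has its own exp, not covered by expiresAt`. It would also help to state that the field is optional because a token response may not include it.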