Token Vault

Token Vault enables your applications to securely access third-party APIs on the user's behalf. There is no need to manage refresh tokens or build custom integrations per provider—Auth0 handles it all for you. You gain access to a wide range of external providers’ APIs and services, all through a single Auth0 integration.

When a user authenticates with a supported external provider and uses OAuth scopes to authorize access, Auth0 stores the access and refresh tokens for that connection in the Token Vault. Token Vault organizes the federated tokens issued by external providers into tokensets, with one tokenset per authorized connection.

You can then call the external provider's APIs using these stored credentials via Auth0 to get a user’s Google Calendar events, access GitHub repos, create a Microsoft Word document, and more.

For Early Access, Auth0 supports Token Vault for the following social and enterprise identity providers:

  • Google

  • Microsoft

  • Box

  • Slack

  • GitHub

  • OpenID Connect

  • Custom connection

How it works

When a user authenticates with a supported external provider and authorizes the federated connection: 

  1. Auth0 obtains access tokens using OAuth 2.0 scopes to control access. Users explicitly approve requested permissions.

  2. Auth0 securely stores federated access and refresh tokens in the Token Vault.

  3. The application links user accounts with the user's consent. As a result, the user won’t have to create separate accounts for each external provider.

  4. Your application calls Auth0 to exchange a valid Auth0 refresh token for an access token for a federated connection. Your application can perform this exchange multiple times while Auth0 manages refreshing the federated access tokens stored in the Token Vault. Using a federated access token, your application can call third-party APIs on the user’s behalf.

Token Vault allows for seamless federated identity and simplifies integration across multiple external providers via a single Auth0 interface.
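
The exchange in step 4, shown as an added example (not Auth0's own code): it builds the token request and keeps the returned federated access token in memory only until shortly before it expires, so the application never stores provider refresh tokens itself. The endpoint path, parameter names, grant and token type URNs, and response fields are assumptions that do not appear on this page, and the helper names are hypothetical; check them against the Access Token Vault Flow documentation.

```python
import json
import time
from urllib import request as urlrequest

# Assumed request parameters (not given on this page); confirm them against
# the "Access Token Vault Flow" documentation before use.
GRANT_TYPE = ("urn:auth0:params:oauth:grant-type:token-exchange:"
              "federated-connection-access-token")
SUBJECT_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:refresh_token"
REQUESTED_TOKEN_TYPE = ("http://auth0.com/oauth/token-type/"
                        "federated-connection-access-token")

def build_exchange_request(domain, client_id, client_secret, refresh_token, connection):
    """Build the step 4 POST: Auth0 refresh token in, federated access token out."""
    body = {
        "grant_type": GRANT_TYPE,
        "client_id": client_id,
        "client_secret": client_secret,
        "subject_token": refresh_token,
        "subject_token_type": SUBJECT_TOKEN_TYPE,
        "requested_token_type": REQUESTED_TOKEN_TYPE,
        "connection": connection,
    }
    return urlrequest.Request(
        f"https://{domain}/oauth/token", data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"}, method="POST")

class FederatedTokenCache:
    """Keeps federated access tokens in memory only, per (user, connection).

    `exchange` is any callable (refresh_token, connection) -> parsed JSON dict,
    e.g. one that sends build_exchange_request() with urllib.request.urlopen.
    """
    def __init__(self, exchange, skew=60, clock=time.time):
        self._exchange, self._skew, self._clock = exchange, skew, clock
        self._tokens = {}

    def get(self, user_id, connection, refresh_token):
        cached = self._tokens.get((user_id, connection))
        if cached and cached[1] - self._skew > self._clock():
            return cached[0]  # still valid: no extra call to Auth0
        resp = self._exchange(refresh_token, connection)
        token, ttl = resp.get("access_token"), resp.get("expires_in")
        if not isinstance(token, str) or not token or not isinstance(ttl, int) or ttl <= 0:
            raise ValueError("malformed token exchange response")  # never log resp
        self._tokens[(user_id, connection)] = (token, self._clock() + ttl)
        return token
```

Keying the cache by both user and connection keeps one user's federated token from being returned for another user or another provider.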

Common use cases

Learn about some common Token Vault use cases:

  • A user downloads a productivity app that integrates with Auth0 and connects their Google and Microsoft user accounts. With user account linking, they can log into the productivity app using a single set of credentials managed by Auth0.

  • An AI agent integrated into an application calls third-party APIs to perform tasks on the user’s behalf, such as scheduling a meeting in Google Calendar.

Get started

To get started with Token Vault, read the following:

Read…                   | To learn…
Configure Token Vault   | How to configure the Token Vault.
Access Token Vault Flow | How an application accesses the Token Vault to get an access token to call third-party APIs.