Supported external providers
Token Vault supports popular external providers, including:Social
- Microsoft
- Box
- Slack
- GitHub
- Custom social connection
Enterprise
- Google Workspace
- Microsoft Azure AD (Entra ID)
- Connect
Common use cases
Common Token Vault use cases include:- An AI agent running as a web application calls external APIs to perform tasks on the user’s behalf, such as scheduling a meeting in Google Calendar.
- An internal or backend service can access Token Vault to exchange an Auth0 access token for an external provider’s access token to call external APIs.
How it works
When a user connects with a supported external provider and authorizes the connection:- Auth0 obtains access and refresh tokens using OAuth 2.0 scopes, with the user explicitly approving the requested permissions.
- Auth0 securely stores the tokens for each connected account in the Token Vault. Because each connected account is linked to the user profile, the application can access external APIs and services without requiring the user to re-authorize the connection.
- The application calls Auth0 to exchange a user’s valid Auth0 token for an external provider’s access token, issued to that user. To learn more, read Supported token exchanges.
- Using the external provider’s access token, your application can then call external APIs on the user’s behalf.