とりあえず ID Token とか取得したい
- Auth0 Extensions の Auth0 Authentication API Debugger というのを使うと楽
- ブラウザ上でポチポチすれば Authorization Code grant して code と Token を交換してくれる
ユーザーの Sign Up を防ぎたい
How do I disable new user sign-ups - Auth0 Community
Username-Password-Authentication の Settings で
Disable Sign Ups を有効化すれば OK
At this time, there is no support for JWE either when JWT’s are used as ID tokens or access tokens. Like you mentioned, encrypted JWT’s do not have a very widespread use unlike their signed peers (JWS) which is also what it’s currently available in Auth0 by supporting both HS256 and RS256 signed ID tokens and access tokens (when applicable).
The use of HTTPS does imply that the actual JWT data while in-transit between client and server gets encrypted. However, as soon as the HTTPS connection is terminated the token contents could be decoded and available without any sort of decryption. In general, you will not want to include sensitive information within these tokens so the matter ends up being a non-issue.
AWS の IAM SAML Provider として使いたい
Configure Amazon Web Services for Single Sign-On