Overview

ID tokens are issued by identity providers and contain authenticated user information. They are designed specifically for authentication, unlike access tokens, which are used for authorization. ID tokens include claims about the user’s identity, such as user ID, name, and email, along with metadata like token expiration time and intended audience.

ID tokens serve as a secure proof that a user has already been authenticated by a trusted identity provider. When someone logs in through their device’s built-in authentication (like Sign in with Apple on iOS/macOS or Google Sign-in on Android), the system generates an ID token. This token can then be passed to your authentication service, confirming the user’s identity without requiring them to log in again. This streamlined approach works with any OpenID Connect (OIDC) provider, including popular services like Google One Tap sign-in, making the authentication process both secure and user-friendly.

Usage

To use ID tokens, you need to configure supported identity providers (currently apple and google) and make sure the audience is set correctly.

Sign in

Once everything is configured, you can use an ID token to authenticate users with a single call:

nhost.auth.signInIdToken({
  provider: 'google', // The provider name, e.g., 'google', 'apple', etc.
  idToken: '...', // The ID token issued by the provider.
  nonce: '...' // Optional: The nonce used during token generation.
})
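An added example, not part of the Nhost SDK or the original page: a Node.js helper that decodes an ID token's payload and checks the audience, expiry and nonce claims before the token is passed to `signInIdToken`, which helps diagnose a misconfigured audience. It is a client-side diagnostic that does not verify the signature and does not replace server-side validation; `inspectIdToken`, `makeSampleToken` and all sample values are hypothetical names and constructed data.

```javascript
// Added example: pre-flight inspection of ID token claims before sign-in.
// Diagnostic only: the signature is NOT verified here.
function decodeClaims(segment) {
  // JWT segments are base64url-encoded JSON.
  const claims = JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));
  if (claims === null || typeof claims !== 'object') throw new Error('not an object');
  return claims;
}

function inspectIdToken(idToken, { expectedAudience, expectedNonce, now = Date.now() }) {
  const parts = String(idToken).split('.');
  if (parts.length !== 3) return { ok: false, problems: ['not a three-part JWT'] };
  let claims;
  try {
    claims = decodeClaims(parts[1]);
  } catch {
    return { ok: false, problems: ['payload is not base64url-encoded JSON'] };
  }
  const problems = [];
  // "aud" may be a single string or an array of strings.
  const audiences = [].concat(claims.aud ?? []);
  if (!audiences.includes(expectedAudience)) {
    problems.push(`aud ${JSON.stringify(claims.aud)} does not include ${expectedAudience}`);
  }
  // "exp" is expressed in seconds since the Unix epoch.
  if (typeof claims.exp !== 'number' || claims.exp * 1000 <= now) {
    problems.push('token is expired or has no exp claim');
  }
  // Only compared when the app sent a nonce with the sign-in request.
  if (expectedNonce !== undefined && claims.nonce !== expectedNonce) {
    problems.push('nonce claim does not match the nonce sent to the provider');
  }
  return { ok: problems.length === 0, problems, claims };
}

// Constructed sample token with a placeholder signature, so the example runs offline.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

const sample = makeSampleToken({
  sub: '1234567890',
  aud: 'example-client-id.apps.googleusercontent.com', // constructed value
  exp: 2000000000,
  nonce: 'n-constructed',
});
console.log(inspectIdToken(sample, { expectedAudience: 'wrong-client-id', now: 1.7e12 }).problems);
```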

Similarly to the Social Connect feature, you can link an identity provider to an existing user:

nhost.auth.linkIdToken({
  provider: 'google', // The provider name, e.g., 'google', 'apple', etc.
  idToken: '...', // The ID token issued by the provider.
  nonce: '...' // Optional: The nonce used during token generation.
})

Keep in mind that this is an authenticated method, so the user must already be logged in.

Examples

Below are some examples of how to extract an ID token from various identity providers for use with the Auth service. These are only examples; use cases and token sources are not limited to the ones shown here.

React Native

Apple

For an example of how to authenticate using “Sign in with Apple” on iOS using React Native, you can refer to our sample component.

Google

For an example of how to authenticate using “Sign in with Google” on Android using React Native, you can refer to our sample component.