Skip to main content
profiles define the format and claims of access tokens issued for an API. Auth0 supports the following access token profiles, also known as token dialects: While both access token profiles issue , the JWTs have different token formats. Both access token profiles can enable Role-Based Access Control (RBAC) and add the permissions claim to the access token. To configure the access token profile for an API, read Configure Access Token Profile.

Auth0 profile sample token

RFC 9068 profile sample token

Token profile differences

The Auth0 profile and RFC 9068 profile issue JWTs that have different token formats. The main differences are:
  • The RFC 9068 profile incorporates the jti claim, providing a unique identifier for the JWT.
  • The Auth0 profile uses the azp claim to represent the whereas the RFC 9068 profile uses the client_id claim.
  • The RFC 9068 profile does not use the gty claim, which is an Auth0-specific claim that represents the authentication flow.

Claims