How to call a secured AWS API Gateway resource from a static web page?

Brng · June 2, 2018, 12:38am

Resolved. According to the docs:

If the audience is set to turingg.auth0.com/userinfo, then the Access Token will be an opaque string.

If the audience is set to the unique identifier of a custom API, then the Access Token will be a JSON Web Token (JWT).

So I had to change

var webAuth = new auth0.WebAuth({
  domain: AUTH0_DOMAIN,
  clientID: AUTH0_CLIENT_ID,
  redirectUri: AUTH0_CALLBACK_URL,
  audience: 'https://' + AUTH0_DOMAIN + '/userinfo',
  responseType: 'code token id_token',
  scope: 'openid profile email',
  leeway: 60
});

to

var webAuth = new auth0.WebAuth({
  domain: AUTH0_DOMAIN,
  clientID: AUTH0_CLIENT_ID,
  redirectUri: AUTH0_CALLBACK_URL,
  audience: '<unique identifier for my api>',
  responseType: 'code token id_token',
  scope: 'openid profile email',
  leeway: 60
});

Topic		Replies	Views
How to use Auth0 to secure an API Help api	2	3081	April 26, 2019
Static pages, AWS API Gateway, Custom Authorizers and JWT tokens: how? Help jwt , aws , lambda , api-gateway	3	6585	December 17, 2018
Securing AWS API Gateway so only logged in users can access the API Help auth0 , api , authentication , aws	0	3040	June 12, 2019
The Adventure of Access-Control-Allow-Credentials Help cors , aws , lambda , api-gateway , custom-authorizer	3	8315	September 3, 2019
Allow clients to generate tokens for AWS gateway Help auth0	10	2505	April 7, 2021

How to call a secured AWS API Gateway resource from a static web page?

Related topics