I have a Java MVC application and one RestAPI application. On the MVC side I have added Auth0 integration and I am able to call the login page, authenticate, and process the callback request.
From this MVC application I need to call the RestAPI, and I want to use the same Auth0 user to authenticate on that side and be sure the caller is authorized to complete the request. I was thinking of implementing something like this:
- on the MVC side, I add the Authorization token received from Auth0 into the header (Bearer)
- on the RestAPI side, I want to implement a Java Filter to validate the token before proceeding (i.e. calling the /userinfo API to retrieve the user data and, in case of success, proceeding)
So, first: is this the proper way to do that? (We did it in past projects but I am not sure it is correct.) I have seen on the Auth0 dashboard that it is possible to authorize an application (machine-to-machine auth), but at that point it is not clear how to handle user management.
Second thing: I have tested manually and I did not have to add the ClientID or Secret ID to retrieve the user info as soon as I had a valid access token. Is there a way to force adding the token for the external RestAPI application on every call?
I really appreciate whoever will help me and, please, be patient if my request is stupid or repetitive… I read a lot of stuff during the last week, it’s Friday, I am tired, and I have to provide feedback about that before “yesterday”…
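The RestAPI-side filter described in the question, as an added example that is not part of the original post: it extracts the Bearer token and validates it exactly the way the post proposes, by calling Auth0's /userinfo endpoint. `AUTH0_DOMAIN`, the class name and the `auth0.userinfo` attribute are assumptions; it needs Java 11+ (for `java.net.http`) and the javax.servlet API on the classpath.

```java
import java.io.IOException;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.time.Duration;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
// Added example: a servlet Filter on the REST API side that rejects any request whose
// bearer token Auth0's /userinfo endpoint does not accept. Java 11+ for java.net.http.
public class Auth0TokenFilter implements Filter {
    // Assumed placeholder: the tenant domain shown in the Auth0 dashboard.
    private static final String AUTH0_DOMAIN = "YOUR_TENANT.auth0.com";
    private final HttpClient client =
            HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(5)).build();
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String header = request.getHeader("Authorization");
        // Only a well-formed "Bearer <token>" header is forwarded to Auth0 at all.
        if (header == null || !header.regionMatches(true, 0, "Bearer ", 0, 7)) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Missing bearer token");
            return;
        }
        String token = header.substring(7).trim();
        // /userinfo answers 200 with the profile only for a valid, unexpired access token
        // issued with the openid scope; any other status is treated as unauthenticated.
        HttpRequest userInfo = HttpRequest.newBuilder()
                .uri(URI.create("https://" + AUTH0_DOMAIN + "/userinfo"))
                .header("Authorization", "Bearer " + token)
                .timeout(Duration.ofSeconds(5)).GET().build();
        HttpResponse<String> upstream;
        try {
            upstream = client.send(userInfo, HttpResponse.BodyHandlers.ofString());
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new ServletException("Token validation interrupted", e);
        }
        if (upstream.statusCode() != 200) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid or expired token");
            return;
        }
        // Hand the profile JSON to downstream handlers so they can make authorization decisions.
        request.setAttribute("auth0.userinfo", upstream.body());
        chain.doFilter(req, res);
    }
}
```

Every protected request costs a round trip to Auth0 with this approach, so in practice the result is cached briefly or the access token's JWT signature is verified locally against the tenant's JWKS instead; the filter still has to be mapped to the API paths (web.xml or `@WebFilter`) to take effect.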