Accessing user data between applications

NHSLA · September 27, 2023, 10:39am

Hi,

We have two applications in our tenant - one of which is a “Profile management” application that holds some user data among other pieces, the other is an actual service we run. Both applications can be logged into by the user.

What would be the correct process for the second application in our Auth0 tenant to authenticate to the profile application’s API in the user’s context in order to access their information?

Should we be authenticating the two applications using the M2M flow, or is there a better more user centric way? I’d rather limit the access of user data to the requesting user, rather than it be all or nothing and the decision being made within the Profile application.

Any pointers?

dan.woda · September 29, 2023, 12:29pm

Hi @NHSLA,

Welcome to the Auth0 Community!

For this setup, you can register the Profile API in Auth0 as a custom API with any necessary permissions. Then, from your “second application” you will request an access token for the Profile API when the user authenticates.

To get an access token specifically for this API, you will need to pass the API Identifier as the audience param when you are starting the user authentication.

Let me know if you have any questions.

system · October 13, 2023, 12:29pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
APIs and permissions from M2M vs regular applications Help	6	3302	April 15, 2021
It's possible to create authentication for my API clients using auth0? Help management-api , users , free-trial	2	14	October 17, 2024
Login token to use APIs Help	2	1780	April 22, 2022
Best way to give API access Help	5	1899	April 21, 2022
SPA and M2M accessing same API Help	4	3032	July 11, 2020

Accessing user data between applications

Related topics