Accessing user data between applications


We have two applications in our tenant - one of which is a “Profile management” application that holds some user data among other pieces, the other is an actual service we run. Both applications can be logged into by the user.

What would be the correct process for the second application in our Auth0 tenant to authenticate to the profile application’s API in the user’s context in order to access their information?

Should we be authenticating the two applications using the M2M flow, or is there a better, more user-centric way? I’d rather limit the access of user data to the requesting user, rather than it be all or nothing and the decision being made within the Profile application.

Any pointers?


Welcome to the Auth0 Community!

For this setup, you can register the Profile API in Auth0 as a custom API with any necessary permissions. Then, from your “second application” you will request an access token for the Profile API when the user authenticates.

To get an access token specifically for this API, you will need to pass the API Identifier as the audience param when you are starting the user authentication.

Let me know if you have any questions.
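
An added example, not part of the replies above and not Auth0's own code: the second application builds the login request with the Profile API Identifier as `audience`, and the Profile API then checks the token's claims so a user can only read their own record. The tenant domain, API Identifier, `read:profile` permission and function names are hypothetical, and the token's signature is assumed to have been verified by a JWT library before `authorizeProfileRead` is called.

```javascript
// Added example; domain, API Identifier and permission name are placeholders.
const crypto = require("node:crypto");

const TENANT = "https://tenant.example.com";           // hypothetical tenant domain
const PROFILE_API = "https://profile-api.example.com"; // hypothetical API Identifier
const READ_SCOPE = "read:profile";                     // hypothetical permission

// Second application: start the user login and request a Profile API token.
function buildAuthorizeUrl({ clientId, redirectUri, scopes }) {
  const state = crypto.randomBytes(16).toString("hex");          // CSRF binding
  const verifier = crypto.randomBytes(32).toString("base64url"); // PKCE secret
  const challenge = crypto.createHash("sha256").update(verifier).digest("base64url");
  const url = new URL("/authorize", TENANT);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: scopes.join(" "),
    audience: PROFILE_API, // without this the token is not issued for the API
    state,
    code_challenge: challenge,
    code_challenge_method: "S256",
  }).toString();
  // Keep state and verifier in the user's session for the callback step.
  return { url: url.toString(), state, verifier };
}

// Profile API: authorize a read of one user's profile from verified claims.
function authorizeProfileRead(claims, requestedUserId, nowSec = Math.floor(Date.now() / 1000)) {
  // "aud" may be a single string or an array of audiences.
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  const scopes = typeof claims.scope === "string" ? claims.scope.split(" ") : [];
  if (claims.iss !== TENANT + "/") return { ok: false, reason: "wrong issuer" };
  if (!aud.includes(PROFILE_API)) return { ok: false, reason: "wrong audience" };
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) {
    return { ok: false, reason: "expired" };
  }
  if (!scopes.includes(READ_SCOPE)) return { ok: false, reason: "missing scope" };
  // Per-user limit: the token's subject must be the profile being requested.
  if (typeof claims.sub !== "string" || claims.sub !== requestedUserId) {
    return { ok: false, reason: "not the token's user" };
  }
  return { ok: true };
}
```

Because the decision is keyed on `sub`, a token obtained by one user cannot be used to read another user's profile, which an M2M token (issued to the application, not a user) cannot express.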
