Allow a developer to access API

patrick.breiter · March 11, 2021, 4:57pm

Hi

We are already successfully using Auth0 in combination with an Angular SPA. The users can login via the Auth0 login screen and we are identifying the user based on the sub attribute in the backen.

Now we want to give developers access to our API:

We will register the developer as an Application (Client ID, Client Secret).
The user should be able to fetch an Access token from an endpoint (currently I don’t see this option in the application page)
We should be able to map the user to the application so he only has access to his entities. For this we should also get access to the sub-attribute.

Do we have to do this mapping between application (client id) and the user in our backend?

This this process somewhere documented? I feel a little bit lost right now.

Thank you very much,
Patrick

cibrax · March 11, 2021, 8:51pm

You have to define an API for backend, and register it in the Auth0 dashboard. That API will be assigned with an Audience URI. Your SPA will need some code to negotiate an access token from Auth0 for that API using the registered audience. Auth0 will return an access token (JTW) that you will be able to use and pass to your API. In addition, you can define roles and assign those roles to the user. Roles will be injected in that access token, and you inspect them in your API to authorize the call or not.

konrad.sopala · March 12, 2021, 11:10am

Thanks for helping on this thread @cibrax !