Angular C# API Backend

I am confused. I have an angular app I can get that work. Now I need to go to a C# .NET CORE API. I set up a SINGLE PAGE APPLICATION for my Angular application… Then I set up under API a CUSTOM API. This is all I have done. DO I USE THE Domain, Client ID, and Client Secret from MY SPA in my C# app OR Do I need to to create another APPLICATION for my C# application that is machine to machine.? When I try to get a TOKEN using the credential from my SPA in postman it does not work. I think I am confused here on how all of this works. I get this error “error”: “unauthorized_client”,
“error_description”: “Grant type ‘client_credentials’ not allowed for the client.”,
Is my confusion that I can’t use the SPA credentials for my C# application?

  • Update
    Ok, I think part of my confusion is IGNORANCE, and the documentation is sort of suspect
  1. The confusion (I hope) is that I need to create 2 Applications (is that correct?). I created one for my SPA and then one for C# Backend. For some reason I got it in my mind that I only needed the SPA application and it would somehow pass down my BEARER token. Was that the WRONG ASSUMPTION?

  2. I then created a NEW Application/API (menu structure) and ALSO created an Applications/Applications (how does that menu structure make sense?) MACHINE TO MACHINE application for my C# backend (IS THAT THE CORRECT THING TO DO?)… With this set up, I was able to get a bearer token and it did allow me to get to my C# API (I used postman and passed in the BEARER token in the headers and it worked)

  3. NOW HERE IS MY CONFUSION ***. How do I now make my angular application pass down this token? I need to find the IN-DEPTH ARTICLE FOR THAT…

I realize I need to read the documentation, that was probably my fault, but it was really confusing and I was looking for an article that shows me how to do this WHOLE WORKFLOW… I am sure it is there, my fault for not understanding, but it was confusing… I will read more and figure it out and update this post, I AM NOT THE ONLY PERSON who will MIS-READ the documentation

Hi @profitdreamer,

Welcome to the Auth0 Community!

That is correct, you only need to register the SPA as an application, and the backend as an API.

You don’t need a machine to machine app for your SPA → API requests. These can be authenticated with the Access Token passed in header (bearer token).

Here’s an example of a full stack Angular + C# app:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.