I got authentication working using the Auth0 Management API, but now I am trying to get it to work on a custom API. I have a SPA that accesses data through a REST API. The user logs into the SPA, creating a token, that is then used to give them access to the REST API. It’s not working on my custom api. The user is able to login to the SPA, but when they try and access data through the REST API they get a 401 error.
I think it is because of the permissions settings, since none of those are initially set in a custom API. My API identifier and audience is https://lassares.drf.com. I was thinking I would be able to use portions of that name with permission setting such as read, create, update and delete to allow access to the REST API. I’ve tried various combinations such as read:lassares, read:lassares.drd, read:drf… but have not gotten it to work. Am I mess understanding how to set permissions?