ASP.Net Core / Xamarin integration help

Hello,

(For context, I am not new to development, but I am new to understanding how to code up authentication / authorization, web calls, etc., so pardon me if I ask stupid questions)

I am implementing a Xamarin mobile application that connects to a REST API exposed from an ASP.Net Core application hosted in Azure. In the Xamarin application, I have followed the quickstarts and have the login implemented successfully and get back the successful LoginResult which has the Access and Identity Tokens.

In the RazorPages in AspNet Core that I am using on the admin website I also have Auth0 login implemented. Here I successfully get the User ClaimsPrincipal hooked up with the email address, etc for the claims I have enabled for that api / application.

The part I am missing is what tokens do I pass to the server on the Rest calls from the Xamarin Application? And what Auth0 api do I call to get the claims for that token in order to authorize it? Right now I am passing the access token:

request.AddHeader("Authorization", "Bearer " + App.Current.AuthenticationResult.AccessToken);

In the ASP.Net Core controller the User ClaimsPrincipal that comes in doesn’t have any of the claims I need (such as the email addr is the most important). I am calling the /userInfo api to get the email address associated with that token, but realize this is definitely not the correct way to do it, especially since there are call limits of 5/min for this api.

I have too many questions.
Is there a walkthrough that shows / explains how to do this from a mobile application?
Do I call the /authorize api to verify the bearer token?
How do I correctly get the claims for that token?
In the admin website scenario, what automatically hooks up the claims on the User ClaimsPrincipal object?

Thank you for any points / directions you may offer.

I’m new to Auth0 and just figuring out all of this myself. But this is my understanding… you request the access token with email as the scope, that should pull the email in. Other claims that you want, I believe you can create a rule to add those claims to the token? Like I said, I’m still new to setting this all up too, but I’ve crawled the forums a lot trying to get my own answers and I think that’s what you’re after. If I’m way off base, sorry.

Thanks, I do get the email in the claims in the LoginResult on the Xamarin device. But I need to send that token to the REST API on every request in order for the server to verify the identity. How the server then gets those claims again is where I am lost.

Yeah, so I think that’s where you use a rule to add custom claims to the access token?
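
An added example, not part of the thread and not Auth0's own code: one way the ASP.NET Core API can validate the bearer access token locally and read the email from it, with no per-request call to /userInfo. It assumes the access token is a JWT issued for this API's audience and that a rule adds the email as a namespaced claim, as the replies suggest; the domain, audience, claim name and route are placeholders.

```csharp
// Program.cs (.NET 6+ minimal hosting).
// Requires the Microsoft.AspNetCore.Authentication.JwtBearer package.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;

var builder = WebApplication.CreateBuilder(args);

// Placeholders (assumptions): use your own tenant domain and API identifier.
const string Authority = "https://YOUR_TENANT.auth0.com/";
const string Audience = "https://api.example.com";
// Assumed name of the namespaced claim a rule adds to the access token.
const string EmailClaim = "https://example.com/email";

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // The handler downloads the signing keys from the authority's
        // OpenID Connect metadata, then checks signature, issuer, audience
        // and expiry on every request without calling the identity provider.
        options.Authority = Authority;
        options.Audience = Audience;
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();   // builds the ClaimsPrincipal from the validated token
app.UseAuthorization();

// Hypothetical endpoint: the claims come straight from the token payload.
app.MapGet("/api/me", (ClaimsPrincipal user) =>
{
    // "sub" is mapped to ClaimTypes.NameIdentifier by the default claim mapping.
    var subject = user.FindFirst(ClaimTypes.NameIdentifier)?.Value;
    var email = user.FindFirst(EmailClaim)?.Value;

    // A valid token without the expected claim is rejected, not trusted.
    return email is null
        ? Results.Forbid()
        : Results.Ok(new { subject, email });
}).RequireAuthorization();   // requests without a valid token get 401

app.Run();
```

The Xamarin client keeps sending the same `Authorization: Bearer` header shown in the question; only the server-side validation and the contents of the token change.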