We are integrating Auth0 for one of our existing client. They are currently using Identity Server. However, there are many things where we are struggling and not found any certain answer, I thought to present the scenario with Auth0, so that you can point us into the correct direction .
Scenario is :
We have an existing application which is asp.net 4.7 OWIN based MVC app,In MVC app we have configured user authentication using Auth0. Now We are planning to expose an endpoint which can be consumed by a react component(sub-component of existing MVC app to get the access tokent (JWT). The same access token used by the react component to call multiple web APIs (microservices).
What we have achieved so far->
- Implement Login/Logout functionality using Auth0 and get the auth-code in MVC app.
Further Plans/Requirement to Get access_token to secure API:
-
Create an endpoint in MVC which will be called by react components(sub-component of MVC app) to get acesss_Token .
-
React component use the same access token to call the API .
-
Once the access token expired then how to refresh the access-token in this scenario, please provide any link that will suggest the endpoint used to refresh the access token.
-
APIs(asp.net core 3.1 based) validate the access token and secure the end points .
Note : We are using one logical API for the micro services.
Listed below some queries on which we need inputs :
- Please provide a link of Auth0 using which we can implement the Requirement number 2 i.e ( Create an endpoint in MVC which will be called by react components to get access_Token.)
- Kindly confirm are we using the right approach/link(Auth0 ASP.NET Core Web API SDK Quickstarts: Authorization) for Requirement 4 ( APIs validate the access token and secure the end points)
Forgive me if my question is very long but this is a very urgent requirement, and we have very short timeline to address these changes. An early reply will be appreciated.