I'm working on a new application in C# .NET that will communicate with their own API, also in .NET.
But here I'm a bit confused with Auth0. I can make an API in my dashboard that returns a JWT token, and my application should also authenticate the user with a password or a social provider. How can I secure my web API so only authenticated users can access my API through the application?
Have you had a chance to take a look at the samples here? We do provide several .NET samples which could be helpful depending on your specific needs. It’s a great way to understand the relationship between authentication/authorization of a user and the use of an API in code.
At a high level, users will authenticate/authorize against your app using Universal Login (which can include social providers) - once they have completed auth, Auth0 will return ID and access tokens. The access token is typically only handled client side and serves to represent the authenticated user. On the other hand, the access token will be used against and validated by your API.
@tyf I followed this document, Register APIs, and this is the part where I got confused. I have a C# Web API and I registered an API in the Auth0 dashboard, but it is not my C# Web API that returns a token to my application, right?
So my user should use Universal Login in the application, and the application should contact the API created in the dashboard, which returns a token I can then use to contact my own C# Web API?
Your client side application is most likely what users will interact with and engage with universal login - During the login flow you’ll use the API identifier of the API you registered in Auth0 as the audience param. Once your client has a user’s access token, this is what will be used against and validated by your API.
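As an added example (not part of the thread and not taken from Auth0's samples): a minimal ASP.NET Core `Program.cs` for the C# Web API that only verifies access tokens issued by Auth0 and rejects any token whose audience is not the API identifier registered in the dashboard. The domain, the identifier and the endpoint paths are placeholders chosen for illustration.

```csharp
// Program.cs for the C# Web API (ASP.NET Core minimal API).
// Requires the Microsoft.AspNetCore.Authentication.JwtBearer NuGet package.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Placeholders (assumptions): your Auth0 tenant domain and the Identifier
// of the API you registered in the Auth0 dashboard.
const string Auth0Domain = "YOUR_TENANT_DOMAIN";
const string ApiIdentifier = "YOUR_API_IDENTIFIER";

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // The API never issues tokens. It fetches the issuer's signing keys
        // from the Authority's metadata and uses them to verify signatures.
        options.Authority = $"https://{Auth0Domain}/";
        // Must equal the "audience" the client requested at login. Without
        // this check, a token issued for a different API would be accepted.
        options.Audience = ApiIdentifier;
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            NameClaimType = ClaimTypes.NameIdentifier
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Hypothetical endpoints: one open, one that requires a valid access token.
app.MapGet("/api/public", () => "No token needed.");
app.MapGet("/api/private", (ClaimsPrincipal user) =>
        $"Hello {user.FindFirst(ClaimTypes.NameIdentifier)?.Value}")
   .RequireAuthorization();

app.Run();
```

The client sends the access token in the `Authorization: Bearer <token>` header; requests to `/api/private` without a valid token receive a 401 response.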