Hi,
Not sure this is the suitable place to ask this.
We have a REST API service that runs on Tomcat and another app for the UI that runs on a different server.
REST API => http://domain1.com/api
UI => http://domain2.com/
All the business logic exists in the REST API, and the users and authentication are also handled on the REST API side.
What we want now is to remove the users from the REST API side and integrate with Auth0.
But we want to secure the REST API using Auth0.
Is there any guide that suits this scenario?
I found one which uses JWT.
According to this guide, the REST API only validates and decrypts the token but does not call Auth0 from the REST API to validate it.
Is the above the correct approach?
Appreciate any guidance.
Thanks!