I am exploring Auth0 SDK for angular application. I have created one SPA and API with ‘Machine to Machine’ configuration. I have added couple of scopes in API and same are allowed from SPA application from auth0 dashboard page.
However, with auth0 sdk in angular application we successfully get Authorize code through ‘/authorize’ endpoint but when application make call to ‘oauth/token’ endpoint then we get ‘{“error”:“access_denied”,“error_description”:“Unauthorized”}’ error.
With the Auth0-Angular library there is an HttpInterceptor called AuthInterceptor iirc. If you use that interceptor when calling your secure API calls you get a JWT token, that can then be used validate a user. If you look at the API quickstarst Node example you’ll see how the JWT token is validated. This gives you the Auth0 user ID (and org id if you are using organizations). You do NOT call /authorize independently on your own.
I just spent the last few hours figuring this out. Using this video
Hi,
Thanks for reply.
Does it mean I need to create two applications in dashboard one is with necessary type (either web app or single page application) and other is with ‘Machine to Machine’ configuration with respective API app?
