To whom it may concern,
I hope to get some help urgently on my issue as I have been at it for the last 6-7 days and have come to no working solution. I do ponder whether my issue is due to Auth0’s end of the code or to Django’s end of the code.
My original code worked perfectly till I tried implementing JWT Token access in the code base, and everything broke down. My frontend runs on React, while the backend runs on Django.
My intent is to utilize the Machine-to-Machine API Token authentication method, using Client Credentials Flow (https://auth0.com/docs/flows/concepts/client-credentials). The primary Auth0 backend setup is based on this: https://auth0.com/docs/quickstart/backend/django
There will be no user login, and only a token authorization will be used.
Presumably, the flow of authentication should be as follows from what I have learnt from Auth0’s API:
- Client browser makes Token request from https://.auth0.com/oauth/token endpoint.
- Auth0 authenticates & replies JWT Token.
- Client browser takes received Token & bundles with request to my API server endpoint.
- API Server authenticates Token & processes data from database.
- Client browser receives data.
However, at this point, I am faced with a major critical error primarily dealing with a 500 error being thrown.
- Once Auth0-JWT Token authentication / Django permissions.IsAuthenticated / Django authentication.JSONWebTokenAuthentication is switched on, only 500 errors are thrown from the server.
I have submitted my Django-end of the code base / issue here: https://stackoverflow.com/questions/56735323/django-rest-framework-why-adding-isauthenticated-permissions-only-threw-500-int
I am not sure where I may have gone wrong or whether I got the Auth0 flow totally wrong. I sincerely hope that someone may assist me, given that this project is delayed and this security segment has sadly gotten it way overdue.
Hope to hear some feedback on this real urgently. Thank you so much!
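
The "API Server authenticates Token" step of the flow listed in the post, as an added example that is not part of the original post or of Auth0's quickstart: it checks signature, issuer, audience and expiry, and maps every validation failure to a 401 instead of letting an exception escape the request. It assumes stdlib HS256 with a constructed secret, issuer and audience so that it runs offline; `mint` and `authenticate` are hypothetical names.

```python
import base64, hashlib, hmac, json, time

# Constructed values for illustration; none come from the post or from Auth0.
SECRET = b"constructed-demo-secret"
ISSUER = "https://example-tenant.auth0.com/"
AUDIENCE = "https://api.example.test"

def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(head: str, body: str) -> bytes:
    return hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()

def mint(claims: dict) -> str:
    """Stand-in for the token endpoint: sign claims as an HS256 JWT."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_sign(head, body))}"

def authenticate(auth_header, now=None):
    """Return (200, claims) or (401, reason); never raise on bad input."""
    now = time.time() if now is None else now
    try:
        scheme, token = (auth_header or "").split()
        if scheme.lower() != "bearer":
            return 401, "unsupported scheme"
        head, body, sig = token.split(".")
        # Pin the algorithm; never let the token header choose it.
        if json.loads(_b64d(head)).get("alg") != "HS256":
            return 401, "unexpected alg"
        if not hmac.compare_digest(_sign(head, body), _b64d(sig)):
            return 401, "bad signature"
        claims = json.loads(_b64d(body))
    except (ValueError, TypeError, AttributeError):
        return 401, "malformed token"
    if not isinstance(claims, dict) or claims.get("iss") != ISSUER:
        return 401, "wrong issuer"
    aud = claims.get("aud")  # "aud" may be a string or a list of strings
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        return 401, "wrong audience"
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        return 401, "expired"
    return 200, claims
```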