Authorizing third party API access with JWT

joe.a · March 16, 2022, 9:48pm

Hi,

We built an API for our application that is authenticated and authorized using JWT from Auth0. It works great!

Now we have a third party application that would like to call these APIs from a SPA on their website.

Is there a standard approach to this? Would this require setting up SAML or OIDC to connect their identity provider to authorize their clients?

Another option might be to create an API the third party would need to call with a hashed userId from their server with an API key/secret that would create a “stub” user and return a JWT?

Thanks

john.gateley · March 17, 2022, 1:07pm

Hi @joe.a

These are third party apps. You can start here: First-Party and Third-Party Applications

Basically they need to OIDC into your Auth0 tenant to authenticate, you give them back an access token (possibly a refresh token too).

John

Topic		Replies	Views
I have a jwt from an external source. Can I use it to auth to Auth0 so I can then authenticate to another application? JWT.io jwt , auth0	0	3292	April 13, 2020
Enabling third party applications having their own IdP to access API Help auth0	4	2741	October 27, 2021
Generating JWT for integration with third-party API Help jwt , universal-login	10	5184	March 14, 2022
SPA for a third party client and domain connection Help jwt , auth0 , connections , login , third-party	4	4691	January 22, 2019
Different API access scenarios; own SPA, tenants, third-parties Help api , spa , api-keys , api-authorization	5	5002	March 2, 2018

Authorizing third party API access with JWT

Related Topics