Authorizing third party API access with JWT

joe.a · March 16, 2022, 9:48pm

Hi,

We built an API for our application that is authenticated and authorized using JWT from Auth0. It works great!

Now we have a third party application that would like to call these APIs from a SPA on their website.

Is there a standard approach to this? Would this require setting up SAML or OIDC to connect their identity provider to authorize their clients?

Another option might be to create an API the third party would need to call with a hashed userId from their server with an API key/secret that would create a “stub” user and return a JWT?

Thanks

john.gateley · March 17, 2022, 1:07pm

Hi @joe.a

These are third party apps. You can start here: First-Party and Third-Party Applications

Basically they need to OIDC into your Auth0 tenant to authenticate, you give them back an access token (possibly a refresh token too).

John

Topic		Replies	Views
I have a jwt from an external source. Can I use it to auth to Auth0 so I can then authenticate to another application? JWT.io jwt , auth0	0	3289	April 13, 2020
Enabling third party applications having their own IdP to access API Help auth0	4	2728	October 27, 2021
Generating JWT for integration with third-party API Help jwt , universal-login	10	5145	March 14, 2022
SPA for a third party client and domain connection Help jwt , auth0 , connections , login , third-party	4	4690	January 22, 2019
Best practices for authenticating API requests from domains you don't control Help jwt , oidc , multi-tenant , api-authorization	5	5163	August 29, 2019

Authorizing third party API access with JWT

Related Topics