So after a successful login on the native apps using the Auth0 Universal sign-in box,
we get an access token which is opaque and is used only for the /userinfo API.
We get user profile info as well from it.
Now we want to pass this same token to our backend API, which should validate it, extract the User ID from it and do restricted-access operations on the database.
How can I do this? Please suggest the best practice here.
We have a Lambda function in AWS that should be decorated with a custom JWT authoriser that validates the given access token and pulls the user ID from it.
We tried with a custom API in Auth0. Somehow this is not making sense to us, as it looks like a machine-to-machine token, which also has a quota on it and does not have user details in it.
You won't be able to achieve this with an opaque access token. In order for your backend to be able to decode the payload you will need to pass a JWT. You'll need to configure your native app(s) to pass an audience param (your API identifier) when requesting tokens for users. Some more on the audience here:
It helped. Thank you very much for the reply. I just added the audience in the application settings after creating an API for reference, which was our API Gateway, and passed the token to our API. We were successfully able to decode the token using the https://.auth0.com/pem data and passing the RSA algorithm identifier.