I am trying to integrate Auth0 with a JS client (jQuery) and a couple of Web APIs (ASP.NET Core Web API).
Let me brief you on what I am up to.
- I have created a client (jQuery) and am using it to log in on Auth0, and it returns me an access token.
- Now I need to access a couple of other Web APIs (those are also registered as clients in my Auth0 account).
- I have created 2 scopes in the API client.
- When I am requesting the access_token from Auth0 in the JS app, I am sending those two scopes in the scope parameter in the Auth0Lock function.
- With the token returned, I am calling the APIs by passing the token in the header as described in the documentation.
- On the API side, I am first checking whether the token contains the specified scope with one of the policies registered in the Startup file in my Core Web API.
- That is working fine.
My question is: is the process I am following the correct one?
Let's say I have to access another API with that same token; then I need to verify the token at the API end for the scope specified.
My second question is that when I try to access claims from the token in my API, there is not much information in it. Ideally I would like to get the email and user name from the token, and later on I would also like to add custom token whenever required.
What is the process for that?
Let me know if there is something not making sense here.