Auth0 Home Blog Docs

Client token in server authentication flow

spring-security

#1

Hello,
I’m having issues authenticating my backend with the token I receive from Auth0 in my front end client.

Using emberjs-simple-auth-auth0 I correct receive a token and authenticate on the frontend. However using that same token I’m unable to get my backend to accept incoming requests.

I’m using auth0-spring-security-api on my backend application. I think I might have just configured my auth0 dashboard incorrectly?

Looking at the access token returned from the frontend it looks something like svfyTcAAqHbIdppi_zkJHkldW2jhJKF3 so if I take that and put it into a curl request to the backend

curl -X GET -H "Authorization: Bearer svfyTcAAqHbIdppi_zkJHkldW2jhJKF3" -H "Cache-Control: no-cache" "http://192.168.0.109:39885"

I get a 401 from my backend.

All I’ve done in the dashboard is create a API, which automatically created me a non-interactive test client, so I’ve used that client ID in my frontend.

I get the sense this isn’t the correct client type to use?


#2

Based on the information you provided you configured you API back-end (aka resource server) correctly in the Auth0 Dashboard, but then did not do the same for the client application front-end. In particular, like you mentioned the non-interactive test client is not suitable for the scenario at hand and you should configure a separate client application to represent your front-end.

The front-end makes use of Ember.js so it falls in the client-side application camp for which you should check:

If you follow the above you’ll notice that you’ll be sending an audience parameter during the authentication request and that the audience matches the API you configured. This will mean the client application will receive an access token suitable to call your API. At this time, this technically translates to a JWT access token that the API can validate by itself.


#3