It seems that the login process on the frontend is working, because the HTTP interceptor attaches the bearer token to the request which is sent to the API, but sadly I get the response that it's forbidden.
{"errors":[{"message":"Authentication is required for this route."}]}
Of course, I'd like to secure the route, e.g. “/api/v1/users/me”, with the middleware method “requiresAuth()” of the express-openid-connect package in the first place. But I can't figure out what I'm doing wrong.
I guess it's not the frontend, because a correct Bearer (a guess too) is attached.
Does the backend perhaps strictly want to log in with the OIDC package's login method? I don't know…
Firstly, thanks for the response. But I guess I had a knot in my head about the architecture of the app/api/auth.
But to answer at least your questions:
Yes, the Bearer is attached.
The audience in the AuthModule config is correct.
Decoding the attached bearer seems fine.
=> Solution: This was also the solution in my mind. Honestly, I was not sure about the OIDC topic at all. So the whole backend implementation did not make any sense, because I don't authenticate the user via my backend through the mentioned OIDC express middleware; instead I “just” have to check the bearer which is already attached to the request and get rid of the OIDC stuff in the backend. I then used GitHub - auth0/express-jwt-authz: Validate the JWT scope to authorize access to an endpoint to secure the route like I wanted.
I read a lot of quickstarts and tutorials; perhaps I also read this one.