Custom API integration with Angular

So, I created a single-page application on Auth0 and integrated it with my Angular front end. This worked perfectly, and users could log in to my application using Auth0. I however wanted to set up roles/permissions, so created creating a custom API in Auth0. I have connected this API to my python backend and have tested it on the postman.
My Angular application was already using a python API to perform GET/POST/PUT/DELETE requests.
I integrated my python API with my auth0 APi using:

class Auth0JWTBearerTokenValidator(JWTBearerTokenValidator):
    def __init__(self, domain, audience):
        issuer = f"https://{domain}/"
        jsonurl = urlopen(f"{issuer}.well-known/jwks.json")
        public_key = JsonWebKey.import_key_set(
            json.loads(jsonurl.read())
        )
        super(Auth0JWTBearerTokenValidator, self).__init__(
            public_key
        )
        self.claims_options = {
            "exp": {"essential": True},
            "aud": {"essential": True, "value": audience},
            "iss": {"essential": True, "value": issuer},
        }

require_auth = ResourceProtector()
validator = Auth0JWTBearerTokenValidator(
    "example",
    "example"
)
require_auth.register_token_validator(validator)

I’m am unsure however how to integrate my Auth0 single-page application with my Auth0 custom API via angular. I tried by ‘audience’ to my authModule.route, as seen below:

AuthModule.forRoot( {
      domain: 'example',
      clientId: 'example',
      audience: 'http://localhost:5000',
  
      authorizationParams: {
        redirect_uri: 'http://localhost:4200',
      },
      

    }) 

I have assigned users certain permissions, but when I try to execute API requests as an admin user via my frontend application I am now getting 401 errors, so I don’t believe my application is integrated with my API. Any help would be greatly appreciated!

Hi @bethmccoy1110,

You should be able to take a look at your token and see if it has the correct claims, including the audience you requested (AKA your API identifier).

JWT.io is a helpful tool for decoding JWTs. If you have trouble, post an example JWT and we can take a look.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.