Hello,
I am building an application that is using Universal Login for authentication. However, we also need to be able to integrate with other APIs using a JWT.
Maybe I’m confused about Universal Login and what’s happening under the hood, but I’m not quite understanding how to generate a JWT (or capture one that’s already being generated on login).
It feels like my issue is a relatively simple one, so I hope that someone can easily help solve it!
Thanks,
Michael
Welcome to the Auth0 Community!
After successful login you can be returned an ID token and an access token (both can be JWTs). You can use the access token to request resources from APIs, typically API’s you own.
If you need to create a JWT for a third-party API, this would usually be done within your server (if you are actually creating and signing your own JWTs), or they could be requested from the third party auth server by your server after the fact.
If you have more specifics we can dive deeper.
you can be returned an ID token and an access token (both can be JWTs)
I understand, but how and what is suggested? I’ve seen at least three different JS libraries that all seem to sort of do the same thing but I’ve found no indication of which ones are maintained, which is the best, etc.
This project is going to integrate with Stream and Twilio. I’ve been tasked with understanding to what extent we should leverage Auth0’s capabilities to provide us with an authentication JWT for integrating with those platforms.
What framework are you using?
I would recommend checking out our quickstarts. How you get a token will depend on what framework/type of application (SPA, web app, native app, etc) you are using. The guides will typically push you towards the most up-to-date library for each framework. For example, if you are using React, you would choose the auth0-react library and the react quickstart will demonstrate how to get the tokens.
As for the differences in the vanilla JS libraries, take a look at this: Question - auth0-spa-js vs auth0-js · Issue #34 · auth0/auth0-spa-js · GitHub
I’m using React, and I’ve already used some of the fields from the access token that is returned from getTokenSilently. I guess I’m just a little confused of how to get a JWT that is something different.
Can you explain what you are expecting?
The access token that has user information is great for our authentication needs. However, we are also going to be integrating with the Stream API for chat functionality. My understanding is that I need a different JWT with the raw JSON from Auth0 as the payload in order to pass that information to the Stream API. So knowing how to generate this “different” JWT is what I’m confused about.
I hope that is clear; I apologize if I’m being obtuse. Just trying to wrap my head around how exactly Auth0 is going to fit into this project. And I’m by no means a senior architect.
I’m not familiar with the Stream API. Is this an API you control? Are you sure you are returning a JWT? Have you registered an API in the dashboard and are passing the API identifier as the audience in your request to authorize?
The back end of our project will have an API that we control also.
I believe I am getting situated with a support specialist from Auth0, as our client is at a paid tier where support is offered, so I will be chatting with him/her directly.
Sounds good. Let me know if there is anything else I can do!