Get JWT token for logged in user, without a secret?

I have a Quasar (Vue 3) SPA, that authenticates with Auth0. This works great!

[ SPA ] loginWithRedirect() → [ Auth0 ] → Logged in.

I have now added an API (PostgREST) into the mix. PostgREST is a REST API wrapper for PostgreSQL, and allows for authentication using JWT.

I can manually create a JWT and add it to the SPA, this works, it authenticates with the PostgREST API. Question now is, how do I get an actual JWT (not hardcoded) for this user in my SPA? I was thinking that Auth0 could provide me with a JWT token, after having succesfully been authenticated. However, it seems that it requires an Auth0 secret to request a JWT?

This says I need a client secret to request a JWT token:

This won’t do, as an SPA is basically client-side code, and I cannot safely store the secret in the SPA code.

Am I missing something or is this a dead end?
Much appreciated!

Hello there @StuStu welcome to the community!

You’re on the right track in thinking that Auth0 can provide a user with a JWT(s) upon successful authentication/authorization. The Vue SDK should take care of this for you - I definitely recommend checking out our sample app here. You may find the quickstart and this documentation helpful as well :smile:

That’s correct, the Access Tokens the documentation you linked is referring to to Management API Access tokens which can perform tenant related actions. An access token returned by the Vue SDK or in any SPA SDK will be specific to the user, and is typically verified by and used against an API (your API). You may find our architecture scenarios documentation helpful as well.

Hope this helps!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.