I have a SPA Application that has Github Social Login activated.
I’m wondering if there is any possibility that the SPA application would be able to fetch the access token from 0auth and access github on behalf the user that is signed in.
Welcome to the Auth0 Community!
Here’s a post I wrote on Stack Overflow:
There are two Access Tokens that are issued when a user logs in with GitHub through Auth0.
First, GH issues an Access Token to Auth0. Second, Auth0 issues an Access Token to your application.
The first Access Token (the GH token) is stored in the Auth0 database with your user’s info. It can be accessed via the Management API in the user’s
identities array; and is known as an Identity Provider Access Token.
This doc describes it in depth: Identity Provider Access Tokens
Let me know if you have any questions!
Thank you for such a fast reply.
If I may address another issue in the same thread.
How would I proceed in order to use the management API? Can I use it using the token the SPA app has ? or I need to create a backend where I use the API from there?
If is the latter how do I go about authorising frontend requests in the backend?
You can use the Management API with frontend tokens, but they are very limited in scope and can’t access the IDP access tokens (GH access tokens) you are looking for.
You will need to proxy any request for IDP access tokens through a secure backend/API.
Your front end will request a user access token which it can use to authenticate with your backend API, and your backend will request a M2M access token for the management API.
This blog is a great example of how to set up a React + Express API stack:
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.