Have I understood Auth0 wrong?

prutheus · January 12, 2022, 3:42pm

Hello @all!

I wanted to use Auth0 for following use case:

I have a SPA called ‘SPA’. I have a backend FastAPI api called ‘BACK’.

At my SPA, there is an email and password field. When hitting login, I want to perform an oauth request to Auth0, where I have created the user and assigned permissions to login to this app.

When the SPA receives the token, it then can query the BACK with this token for data. The BACK will check the token and query Auth0 for this user if he has permissions to get this data, to only read it, to modify it, …

However, I tried a lot of configuration and requests, but could not achieve this complex scenario with Auth0. Is this possible or not they way Auth0 is meant to get used?

Kind regards,
Martin

rueben.tiow · January 12, 2022, 7:36pm

Hi @prutheus,

Welcome to the Auth0 Community!

I understand that you would like to know whether it’s possible to call an API with specific permissions in the access token.

Yes, it is! In this case, you could Call Your API Using the Authorization Code Flow with PKCE. This is specific for SPA’s and is intended to obtain an access token to grant specific access to an API.

Please let me know if you have any questions or concerns.

Thank you.

system · January 27, 2022, 7:36pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Do I need to handle the entirety of user login on the frontend in an SPA? Help auth0 , login , pkce	0	1782	August 9, 2022
New to Auth0 - some basic questions Help login-experience , new-universal-login-experience	6	1104	April 29, 2023
API Authentication With Access Token vs. ID Token Help	6	11910	December 17, 2018
Newbie: Confused about Auth0 setting and workflow Help	3	3409	January 29, 2019
How to receive Authorization Code? Help	6	6309	October 17, 2019

Have I understood Auth0 wrong?

Related topics