Have I understood Auth0 wrong?

prutheus · January 12, 2022, 3:42pm

Hello @all!

I wanted to use Auth0 for following use case:

I have a SPA called ‘SPA’. I have a backend FastAPI api called ‘BACK’.

At my SPA, there is an email and password field. When hitting login, I want to perform an oauth request to Auth0, where I have created the user and assigned permissions to login to this app.

When the SPA receives the token, it then can query the BACK with this token for data. The BACK will check the token and query Auth0 for this user if he has permissions to get this data, to only read it, to modify it, …

However, I tried a lot of configuration and requests, but could not achieve this complex scenario with Auth0. Is this possible or not they way Auth0 is meant to get used?

Kind regards,
Martin

rueben.tiow · January 12, 2022, 7:36pm

Hi @prutheus,

Welcome to the Auth0 Community!

I understand that you would like to know whether it’s possible to call an API with specific permissions in the access token.

Yes, it is! In this case, you could Call Your API Using the Authorization Code Flow with PKCE. This is specific for SPA’s and is intended to obtain an access token to grant specific access to an API.

Please let me know if you have any questions or concerns.

Thank you.

system · January 27, 2022, 7:36pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Do I need to handle the entirety of user login on the frontend in an SPA? Help auth0 , login , pkce	0	1782	August 9, 2022
New to Auth0 - some basic questions Help login-experience , new-universal-login-experience	6	1095	April 29, 2023
External API for authentication Help apis , application	1	1385	November 29, 2022
Use JWT Access-Token from SPA SDK Login for backend API verification JWT.io jwt , auth0 , api , login , access-token	1	2858	February 7, 2022
How to secure an API with Auth0 Help access-token	5	10541	February 10, 2019

Have I understood Auth0 wrong?

Related Topics