Have I understood Auth0 wrong?

Hello @all!

I wanted to use Auth0 for following use case:

I have a SPA called ‘SPA’. I have a backend FastAPI api called ‘BACK’.

At my SPA, there is an email and password field. When hitting login, I want to perform an oauth request to Auth0, where I have created the user and assigned permissions to login to this app.

When the SPA receives the token, it then can query the BACK with this token for data. The BACK will check the token and query Auth0 for this user if he has permissions to get this data, to only read it, to modify it, …

However, I tried a lot of configurations and requests, but could not achieve this complex scenario with Auth0. Is this possible, or is this not the way Auth0 is meant to be used?

Kind regards,
Martin

Hi @prutheus,

Welcome to the Auth0 Community!

I understand that you would like to know whether it’s possible to call an API with specific permissions in the access token.

Yes, it is! In this case, you could Call Your API Using the Authorization Code Flow with PKCE. This is specific for SPAs and is intended to obtain an access token to grant specific access to an API.

Please let me know if you have any questions or concerns.

Thank you.
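To make the answer concrete for the poster's setup (SPA obtains an access token via Authorization Code Flow with PKCE; the FastAPI backend verifies the token and checks permissions), here is an added example in Python. It is not code from the thread or from Auth0. The SPA side derives the PKCE verifier/challenge pair as RFC 7636 specifies; the backend side verifies the token's signature, issuer, audience and expiry, then checks the `permissions` claim. The issuer, audience, permission names and signing secret are constructed here; Auth0 signs API access tokens with RS256 and publishes the verification key at the tenant's JWKS endpoint, so production code verifies with a JWT library against that key. HS256 with a local secret is used only so the example runs stand-alone.

```python
"""Added example (not from the thread or from Auth0): PKCE pair derivation
as the SPA would do it, and the claim and permission checks a backend such
as the poster's FastAPI service should apply to an Auth0-style access token.
The issuer, audience, permissions and signing secret below are constructed."""
import base64
import hashlib
import hmac
import json
import secrets
import time

ISSUER = "https://example-tenant.example.auth0.com/"  # constructed tenant URL
AUDIENCE = "https://back.example/api"                 # constructed API identifier
SECRET = b"constructed-signing-secret"                # stands in for the RS256 key


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWT and PKCE require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


# --- SPA side: PKCE (RFC 7636, S256 method) ---
def make_pkce_pair():
    verifier = b64url(secrets.token_bytes(32))  # 43 chars, kept only in the SPA
    challenge = b64url(hashlib.sha256(verifier.encode()).digest())  # sent to /authorize
    return verifier, challenge


def verify_pkce(verifier: str, challenge: str) -> bool:
    """What the authorization server checks when the code is redeemed."""
    expected = b64url(hashlib.sha256(verifier.encode()).digest())
    return hmac.compare_digest(expected, challenge)


# --- token issuance (stands in for Auth0's token endpoint) ---
def issue_token(sub, permissions, ttl=3600, audience=AUDIENCE, now=None):
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"iss": ISSUER, "sub": sub, "aud": audience,
               "iat": now, "exp": now + ttl, "permissions": permissions}
    enc = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = enc(header) + "." + enc(payload)
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


# --- BACK side: verify, then authorize ---
class TokenError(Exception):
    pass


def verify_token(token, now=None):
    """Return the claims if signature, issuer, audience and expiry all check out."""
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
    except ValueError:
        raise TokenError("malformed token")
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "HS256":
        raise TokenError("unexpected alg")  # pin the algorithm; never trust the token's alg
    expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise TokenError("bad signature")
    claims = json.loads(b64url_decode(p))
    if claims.get("iss") != ISSUER:
        raise TokenError("wrong issuer")
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if AUDIENCE not in auds:
        raise TokenError("token not issued for this API")
    if claims.get("exp", 0) <= now:
        raise TokenError("expired")
    return claims


def has_permission(claims, needed):
    return needed in claims.get("permissions", [])


def authorize(token, needed, now=None):
    """True when the token is valid and carries `needed`; raises TokenError otherwise."""
    return has_permission(verify_token(token, now=now), needed)
```

In a FastAPI route this `authorize` check would sit in a dependency that reads the `Authorization: Bearer` header and returns 401 on `TokenError` and 403 when the permission is missing. With Auth0, the `permissions` claim is only present in the access token when RBAC and "Add Permissions in the Access Token" are enabled on the API in the dashboard; the backend then does not need to call Auth0 per request, since the permissions are already in the signed token.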
