I am trying to add Auth0 to a web app and only allow certain actions based on the authentication status.
So far I have been attempting to duplicate what I found in the Java EE quick start with limited success. In the example it appears that access to the profile page is depending on information from the Auth0JwtPrincipal.
Principal principal = request.getUserPrincipal();
if (principal instanceof Auth0JwtPrincipal)...
Currently my application either fails to get the principal from the request, or the principal is not an instance of Auth0Jwt Principal.
Everything up to this point appears to work correctly: I get to he Auth0 universal login page, it redirects back to my callback servlet, then to my home servlet as I have it set to.
Is this the best way to verify authentication status?
Other than urls and the web.xml, is there anything I may have missed changing from the quick start example?