Hey everyone. I have an SPA that authenticates with an Auth0 SPA app and calls a (homemade) API that accepts the SPA’s tokens. Works great. It’s exactly like the “ExampleCo” timesheet scenario in https://auth0.com/docs/architecture-scenarios/spa-api
I want to add a hook to the SPA app, and that hook is going to need to call the same homemade API. Specifically, my API has its own User implementation, and I want to call something like
POST /api/user whenever Auth0 creates a new user in the SPA app.
I’m trying this out and getting 401 (Unauthorized) failures in the hook testing window.
Note that this API is definitely accepting tokens directly from my SPA app. So I’m unclear on why a hook in my SPA app isn’t Authorized to call the API that is already known to accept tokens from my SPA app.
I realize that an M2M is recommended when you want to call an API from within a Hook, but… that would be from what to what under the circumstances? I’m confused by the need for any more complexity when I (should) already have the needed token.