I have a spring boot project as a resource server and nextjs project that is integrated with Auth0 application for login. I get the access token for the user using @auth0/nextjs-auth0 library and then make request to my resource server. Now, I want to create users using management api, but for this i need access token. I am thinking for accessing the Auth0 management api using my spring boot backend. I am confused whether to get a separate access token for accessing management api from the spring boot project itself or can we configure Auth0 such that same access token can be used for accessing any resource server as well as management api or is my implementation incorrect, please guide me.
Auth0 provides a different approach of connection for different type of calling system so I believe same connection will not work for everything. As you have two applications (Springboot, nextjs) It’s always recommended to create a different application in Auth0 to track it separately.
If you create a separate Application (Auth0 Dashboard > Applications > Applications) in Auth0 for your Springboot application, you need to authenticate using auth service (https://dev-iam-kw.eu.auth0.com/oauth/token) and receive a new Bearer token and using the same token you can access the Management APIs.
I hope, it answers your question…
1 Like
@avinash.singh1 The spring boot project is my backend project which acts as a resource server for my nextjs (UI) project. The access token i get from the nextjs (UI) is used to authorize the resources on my backend project. If i am to use separate application for these two, the backend project won’t be able to authorize as the access token provided by the nextjs (UI) request will be for a separate Auth0 application. Please correct me if i am assuming things in wrong way.
@kkhanal It seems, if are connecting Auth0 from your UI and also wants to connect Auth0 from Springboot backend application. I am not sure with your business need but both are a separate flow and to connect from Springboot backnd, you can create a M2M ( Machine to Machine Authentication) type application in Auth0 to get the Auth token. Both (UI & Springboot) the token will be different and will be called fora different reason so I can’t see any issue here. If you are trying to authenticate the user through backend then you can refer the - Call Your API Using Resource Owner Password Flow
2 Likes
Thanks for your kind reply @avinash.singh1 but i am still confused.
- I have to authenticate which i have done using nextjs (UI). I am currently doing it and using @auth0/nextjs-auth0 library and i am also geting an access token to call my resource server.
- I have considered spring boot project as an api for nextjs project, and i have made it a resource server. This reads the access token provided by my UI (nextjs). I am getting the accesstoken using resource owner password flow and i have send token to my api in the Authorization header.
- I am now planning to access auth0 api management for user/roles management (separate app using Auth0 api register) from spring boot, may be i can use machine to machine authentication for it.
Please correct me if i am still wrong.
And also, i have another question related to access control to api management How do i control the access to api management in Auth0 according to user previleges?.
Your reply means a lot. Thank you very much.