How do i can sign access token in my auth0 rule?
In my auth0 rule im checking if the user is first time user and if true im redirecting him to my angular /redirect endpoint.
In /redirect endpoint user can fill some additional fields and then im making api request to my spring backend and placing this user in my custom DB.
The problem is that everyone can just place that url (‘mydomain.com/register’) in his browser and fill some fields. I need some kind of access token which my backend could verify. In rs256.
My second question is what can be a private or public key?
If I understand you right, you want to protect the mydomain.com/register endpoint and allow access from your angular application. I would suggest using the Client Credentials flow (aka machine-to-machine flow) to protect this.
This explains what should i do on backend side. I have this tutorial done. Now if i want to use this backend i need to have access token. I can get this token by regular authenticaiton flow via auth0 login page. But i did rule which redirects me to my angular /register endpoint when i can do custom register logic. Then im making post request to my backend to create user profile in my custom db.
But the problem is that everyone can write /register endpoint in his browser and do registration without using auth0.
I just need to sign token and pass it with my redirect rule.
Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.
Wanted to reach out to know if you still require further assistance?