How do quickstarts for Angular client and Node.js API fit together?

Hi,

I’m trying to secure an Angular application I made as well as the respective backend API written in Node.js/Express.js.

I have implemented auth0-angular according to the quickstart and want to use the included HTTP interceptor to pass the credentials to the API.
For the backend, I followed the respective quickstart for Node.js that uses express-jwt.

Now, it looks like express-jwt is expecting a JWT(*) to work with, whereas the interceptor will only provide an access token (format: xxxxx-xxxxxxxxxxx-xxxxxxxxxxxxxx) via the authorization header.

(*)

var jwtCheck = jwt({
  secret: jwks.expressJwtSecret({
      cache: true,
      rateLimit: true,
      jwksRequestsPerMinute: 5,
      jwksUri: 'https://xxx.eu.auth0.com/.well-known/jwks.json'
}),
audience: 'xxx',
issuer: 'https://xxx.eu.auth0.com/',
algorithms: ['RS256']

});

When I provide an JWT ID token to the API (via Postman), it’s working.

What’s the most straightforward way to get this working - or am I understanding something wrong?

Thanks,
DS

Have you followed the Angular quickstart section specific to calling an API (Auth0 Angular SDK Quickstarts: Call an API)?

At this time, if you specify an audience during the login the issued access token will be a JWT suitable to call the API specified as audience.

That was it! Thank you for the hint.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.