Hi,
I’m trying to secure an Angular application I made as well as the respective backend API written in Node.js/Express.js.
I have implemented auth0-angular according to the quickstart and want to use the included HTTP interceptor to pass the credentials to the API.
For the backend, I followed the respective quickstart for Node.js that uses express-jwt.
Now, it looks like express-jwt is expecting a JWT(*) to work with, whereas the interceptor will only provide an access token (format: xxxxx-xxxxxxxxxxx-xxxxxxxxxxxxxx) via the authorization header.
(*)
var jwtCheck = jwt({
secret: jwks.expressJwtSecret({
cache: true,
rateLimit: true,
jwksRequestsPerMinute: 5,
jwksUri: 'https://xxx.eu.auth0.com/.well-known/jwks.json'
}),
audience: 'xxx',
issuer: 'https://xxx.eu.auth0.com/',
algorithms: ['RS256']
});
When I provide an JWT ID token to the API (via Postman), it’s working.
What’s the most straightforward way to get this working - or am I understanding something wrong?
Thanks,
DS