How do quickstarts for Angular client and Node.js API fit together?

Hi,

I’m trying to secure an Angular application I made as well as the respective backend API written in Node.js/Express.js.

I have implemented auth0-angular according to the quickstart and want to use the included HTTP interceptor to pass the credentials to the API.
For the backend, I followed the respective quickstart for Node.js that uses express-jwt.

Now, it looks like express-jwt is expecting a JWT(*) to work with, whereas the interceptor will only provide an access token (format: xxxxx-xxxxxxxxxxx-xxxxxxxxxxxxxx) via the authorization header.

(*)

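// Imports assumed for this snippet: express-jwt and jwks-rsa
var jwt = require('express-jwt');
var jwks = require('jwks-rsa');

// Middleware that validates the bearer token as a JWT
var jwtCheck = jwt({
  // Signing keys are fetched from the tenant's JWKS endpoint (cached, rate limited)
  secret: jwks.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: 'https://xxx.eu.auth0.com/.well-known/jwks.json'
  }),
  audience: 'xxx',
  issuer: 'https://xxx.eu.auth0.com/',
  algorithms: ['RS256']
});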

When I provide a JWT ID token to the API (via Postman), it’s working.

What’s the most straightforward way to get this working - or am I understanding something wrong?

Thanks,
DS

Have you followed the Angular quickstart section specific to calling an API (https://auth0.com/docs/quickstart/spa/angular/02-calling-an-api)?

At this time, if you specify an audience during the login the issued access token will be a JWT suitable to call the API specified as audience.

2 Likes
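Added example, not part of the thread or of the Auth0 quickstarts: a small Node.js diagnostic that tells an opaque access token apart from a JWT access token and compares the `aud`, `iss` and `alg` values against what the API's `jwtCheck` expects. The function names, the API identifier `https://api.example.test` and the sample tokens are constructed for illustration; the code does not verify signatures, so it is a debugging aid and not a replacement for express-jwt.

```javascript
// Diagnostic only: decodes claims WITHOUT verifying the signature.
function decodeSegment(segment) {
  try {
    const value = JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));
    return value && typeof value === 'object' ? value : null;
  } catch (err) {
    return null; // segment is not base64url-encoded JSON
  }
}

// Reports why a JWT-validating API would reject an Authorization header.
function diagnoseBearer(authorizationHeader, expected) {
  const match = /^Bearer\s+(\S+)$/i.exec(authorizationHeader || '');
  if (!match) return { kind: 'missing', problems: ['no Bearer token'] };

  const parts = match[1].split('.');
  const header = parts.length === 3 ? decodeSegment(parts[0]) : null;
  const payload = parts.length === 3 ? decodeSegment(parts[1]) : null;
  if (!header || !payload) {
    // Opaque token: the API cannot validate it as a JWT
    return { kind: 'opaque', problems: ['not a JWT: check that login requested the API audience'] };
  }

  const problems = [];
  const audiences = [].concat(payload.aud || []); // aud may be a string or an array
  if (!audiences.includes(expected.audience)) problems.push('aud does not include the API identifier');
  if (payload.iss !== expected.issuer) problems.push('iss mismatch');
  if (!expected.algorithms.includes(header.alg)) problems.push('alg not allowed');
  return { kind: 'jwt', problems };
}

// Constructed sample values (assumptions, not real tokens)
const EXPECTED = {
  audience: 'https://api.example.test',
  issuer: 'https://xxx.eu.auth0.com/',
  algorithms: ['RS256']
};
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
function sampleJwt(aud) {
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc({ iss: EXPECTED.issuer, aud })}.c2ln`;
}

console.log(diagnoseBearer('Bearer xxxxx-xxxxxxxxxxx-xxxxxxxxxxxxxx', EXPECTED));
console.log(diagnoseBearer(`Bearer ${sampleJwt(EXPECTED.audience)}`, EXPECTED));
console.log(diagnoseBearer(`Bearer ${sampleJwt('some-other-audience')}`, EXPECTED));
```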

That was it! Thank you for the hint.
