I have a React Frontend (SPA) and I followed the tutorial till the point where I receive an accessToken, idToken and expiry date. The refresh mechanism in frontend works.
I now set an accessToken in the header with every request I fire at my API. The header is basically the accessToken, NOT the idToken.
Now, how do I verify that the accessToken is a correct one on the API side? Basically I use an AuthorizationFilter with Java and a typical SecurityConfig (Spring Security).
When I make requests to userInfo, I end up with too many requests.
Unfortunately I’m a bit confused on how to do this and would greatly appreciate help.
Hey there @flurz123, we actually have a helpful quickstart on this, which I have linked below, that dives into how to validate your access tokens. When you get a minute, give it a look and let us know if you have any additional questions or if it helped you in your quest. Thanks!
I wanted to follow up, @flurz123, and see if you had any additional questions in regard to this subject. Please let us know if we can be of further assistance. Thanks!
Hey there @jeb, I’d be happy to dig into this with you. When you get a chance, can you recreate the workflow in which you receive the 401 Unauthorized response, capture it in a HAR file, and direct message it over to me? Please be sure to select “Preserve log” to catch redirects, and scrub the file of user passwords before passing it over. Thanks!
After further inspecting your HAR file with our team, we were able to deduce that the error appears to belong to your declaration of your audience. This needs to be corrected by declaring your audience in your config when you go to authenticate. To do so, you need to create an API on Auth0 from our dashboard and leverage that audience identifier in your call to be able to successfully proceed forward. It’s important to note that the audience value needs to be the API you want to call. Thanks!
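The two halves of this thread, validating the access token on the API side instead of calling userInfo per request, and checking that the token was issued for your API (the audience the last reply talks about), can be done with Spring Security's resource-server support. The following is an added example written for Spring Security 6 / Spring Boot 3; it is not code from the thread or from the quickstart linked above. The class name, the property names `auth0.issuer` and `auth0.audience`, and the `/api/public` path are assumptions.

```java
package com.example.api.security;

import java.util.List;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtDecoders;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class ResourceServerConfig {

    // Assumed property names (not from the thread):
    //   auth0.issuer   = https://<your-tenant>.auth0.com/
    //                    (keep the trailing slash: it must equal the token's "iss" claim exactly)
    //   auth0.audience = the API Identifier created in the Auth0 dashboard, i.e. the same
    //                    value the SPA passes as "audience" when it requests the token
    @Value("${auth0.issuer}")
    private String issuer;

    @Value("${auth0.audience}")
    private String audience;

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http, JwtDecoder jwtDecoder) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/api/public").permitAll()   // assumed unauthenticated endpoint
                .anyRequest().authenticated())
            // Reads "Authorization: Bearer <accessToken>" and runs it through jwtDecoder.
            // A token that fails any check below is rejected with 401 before your controller runs.
            .oauth2ResourceServer(oauth2 -> oauth2
                .jwt(jwt -> jwt.decoder(jwtDecoder)));
        return http.build();
    }

    @Bean
    JwtDecoder jwtDecoder() {
        // Fetches the tenant's OIDC metadata once and caches the JWKS, so every request is
        // verified locally (signature against the tenant's public key, exp/nbf, iss).
        // No call to /userinfo per request, which is what produced the 429s in the question.
        NimbusJwtDecoder decoder = JwtDecoders.fromIssuerLocation(issuer);

        OAuth2TokenValidator<Jwt> withIssuer = JwtValidators.createDefaultWithIssuer(issuer);
        OAuth2TokenValidator<Jwt> withAudience = new AudienceValidator(audience);
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(withIssuer, withAudience));
        return decoder;
    }

    // Spring Security validates signature, time window and issuer by default but not "aud";
    // without this check a valid token minted for a different API would be accepted here.
    static final class AudienceValidator implements OAuth2TokenValidator<Jwt> {
        private final String expectedAudience;

        AudienceValidator(String expectedAudience) {
            this.expectedAudience = expectedAudience;
        }

        @Override
        public OAuth2TokenValidatorResult validate(Jwt jwt) {
            // "aud" is a list: Auth0 access tokens commonly carry the API identifier plus the
            // tenant's /userinfo endpoint, so test for membership rather than equality.
            List<String> aud = jwt.getAudience();
            if (aud != null && aud.contains(expectedAudience)) {
                return OAuth2TokenValidatorResult.success();
            }
            OAuth2Error error = new OAuth2Error("invalid_token",
                    "The required audience " + expectedAudience + " is missing", null);
            return OAuth2TokenValidatorResult.failure(error);
        }
    }
}
```

Two practical notes. First, if the SPA does not pass an `audience` when it authenticates, Auth0 issues an opaque access token rather than a JWT; such a token cannot be decoded by `NimbusJwtDecoder` at all, which shows up as a blanket 401 on the API and is the failure mode the last reply in this thread describes. Second, the decoder only needs the issuer URL and the JWKS it publishes, so the id token never has to reach the API; keep sending only the access token, as the question already does.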