I’d like to utilise an auth0 login in login, and I’m accessing my backend APIs to do some logic in it. My concern is, how does my backend know that the user is authorised by auth0 when I use my APIs?
Hi @salim.mahat,
Welcome to the Auth0 Community!
You can determine what the user is authorized for by checking the access token for the aud (audience) claim. The audience refers to the API that the authorized user is for. Also, when you make a request to the login endpoint (/authorize), there is an audience query parameter that also indicates which API the user is authenticating against.
I hope this helps!
Thanks,
Rueben
1 Like
Thanks for your helpful response. I’d like to integrate my product with auth0 and use auth 0 login. After logging in and calling api from my backend in that login flow, my question is how does my backend know if the user is authorised or not?
1 Like
Hi @salim.mahat,
Thanks for the reply.
You can achieve this by validating the access token issued to the user. Simply check if the user has the necessary scopes to access your API.
For more details, please check out our Validate Access Tokens documentation.
Thanks,
Rueben
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.