Brand new to Auth0, and 3rd party authorization/authentication in general. This is likely a pretty basic question, but I haven’t been able to find the answer.
I have an API that I need to secure using Auth0. The API is written in .Net Core, but I don’t think that matters for my question. This API will be called by either a web app, or native mobile app. Users will log in to the mobile/web app, then that will call the API. I need to get their login information in the claim that’s passed to the API.
What should I do for this? Do I set this up as an application, or machine-machine API call?
With machine-machine, I can get a test token from my dashboard, but this doesn’t have any user information. Using an Application API, I can log in but don’t get a token to pass to the API for testing.
I don’t currently have a working front end, so how can I get a token with the correct user claims to test the API?
How should I set this up? Is there a really high level overview document that would help me to understand what I should be doing, or a book that anyone recommends?
Hello,
To secure your .Net Core API with Auth0 and ensure user login information is passed in the claims, you should set up your API as an Application API rather than a machine-to-machine API. Here’s a high-level overview of what you need to do:
Create an API in Auth0: In the Auth0 dashboard, go to the APIs section and create a new API. This will give you an API identifier (audience) that you will use in your .Net Core application.
Configure your .Net Core API: Use the Microsoft.AspNetCore.Authentication.JwtBearer package to configure JWT Bearer authentication. Set the authority to your Auth0 domain and the audience to your API identifier.
Get a Token for Testing: Since you don’t have a working front end yet, you can use the Resource Owner Password Flow to get a token with user claims for testing. This flow allows you to programmatically log in a user and get an access token.
Testing Locally: You can simulate Auth0 locally for development and testing. Tools like mock-jwks can help you create mock JSON Web Tokens (JWTs) for testing purposes.
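
The API-side configuration described in the answer above, as an added example that is not part of the original thread. The domain, the API identifier and the `/api/me` route are placeholders chosen for illustration; it assumes a .NET 6 or later web project.

```csharp
// Program.cs for an ASP.NET Core minimal API (added example).
// Requires the Microsoft.AspNetCore.Authentication.JwtBearer package.
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Placeholders (assumptions): replace with your tenant domain and the
// identifier of the API you created in the Auth0 dashboard.
const string Auth0Domain = "YOUR_TENANT.auth0.com";
const string ApiIdentifier = "https://api.example.test";

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // The issuer and its signing keys are discovered from the
        // authority's OpenID Connect metadata document.
        options.Authority = $"https://{Auth0Domain}/";
        // Tokens whose "aud" claim does not contain this value are rejected.
        options.Audience = ApiIdentifier;
        options.TokenValidationParameters = new TokenValidationParameters
        {
            // Surface the token's "sub" claim as User.Identity.Name.
            NameClaimType = ClaimTypes.NameIdentifier
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Hypothetical endpoint: echoes the claims of the validated access token,
// so you can see which user information actually reaches the API.
app.MapGet("/api/me", (ClaimsPrincipal user) =>
    Results.Ok(new
    {
        subject = user.FindFirst(ClaimTypes.NameIdentifier)?.Value,
        claims = user.Claims.Select(c => new { c.Type, c.Value })
    }))
    .RequireAuthorization();

app.Run();
```

Call `GET /api/me` with an `Authorization: Bearer <access token>` header; a request without a token, or with a token issued for a different audience, is answered with 401.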