I’m a little new to Auth0 and I think I’m misunderstanding how Applications and APIs are meant to be used respectively.
I have a Next.js front-end which I’ve configured as a regular web application. It works well, built from the library available here: https://github.com/auth0/nextjs-auth0
I also have a Strapi CMS and another GraphQL server, so… two backends.
I want to secure the back-ends with Auth0, and I need them to be identity-aware for authorization reasons. So I started by setting up the CMS as a machine-to-machine application, and then created an API and added the CMS application to it.
Then, in my front end, when the user logs in I simultaneously get an access token as per: https://github.com/auth0/nextjs-auth0#getting-an-access-token
I attach that access token as the auth bearer token in the app’s request to the CMS, but I get ‘401 Invalid Token’ from Strapi.
In this case, I’m not sure whether it’s Strapi or Auth0 that’s misconfigured.
Can somebody let me know whether I’m misunderstanding how Auth0 should be configured, and if so suggest how I should be approaching this?