How should I set up Auth0 for Universal Login with a front-end and two apis?

martaver · August 24, 2020, 8:13pm

I’m a little new to Auth0 and I think I’m misunderstanding how Applications and APIs are meant to be used respectively.

I have a nextjs front-end which I’ve configured as a regular web application. It works well, built from the library available here: GitHub - auth0/nextjs-auth0: Next.js SDK for signing in with Auth0

I also have a strapi cms and another graphql server, so… two backends.

I want to secure the back-ends with Auth0, and I need them to be identity-aware for authorization reasons. So I started by setting up the cms as a machine-to-machine application, and then created an API and added the cms application to it.

Then, in my front end, when the user logs in I simultaneously get an access token as per: GitHub - auth0/nextjs-auth0: Next.js SDK for signing in with Auth0

I attach that access token as the auth bearer token in the app’s request to the cms, but I get ‘401 Invalid Token’ from strapi.

In this case, I’m not sure whether it’s strapi or Auth0 that’s misconfigured.

Can somebody let me know whether I’m misunderstanding how Auth0 should be configured, and if so suggest how I should be approaching this?

konrad.sopala · August 25, 2020, 12:38pm

Hey there!

Can I ask you to raise it as a GitHub issue in the repo you mentioned so that the repo maintainers can guide you how to use the stack they maintain to achieve that? Make sure to share the link with us so we can ping them. Thank you!

martaver · August 25, 2020, 1:26pm

Hi, yeah I actually raised an issue on their side already, this is the one: https://github.com/strapi/strapi/discussions/7582

I guess my problem is that I don’t know whether I understand auth0 right.

My goal is that the user logs in with the front-end once, through Auth0, and then is able to make authenticated requests to backend services, including the strapi cms. It’s fine if the app has to do some kind of token exchange in order to make authenticated requests to backend services, and fine if the user has to confirm some extra permissions dialogs once. The back-end services need to be able to get the user profile so they can be identity aware. It’s not okay if the user has to log in more than once.

If anyone can describe how they can achieve that from an Auth0 perspective, that would be wonderful!

nico1 · February 8, 2022, 2:11am

Did you ever find a solution to this?
I think I’m facing the same challenge.

Topic		Replies	Views
Strapi + NextJS and Authenticated requests Help jwt , auth0 , api , login , access-token	1	2940	February 8, 2022
Next.js Authentication with Auth0 — The Ultimate Guide Blog Discussions	28	11519	April 26, 2023
React native + nextjs + auth0 Help platform-infrastructure , general-architecture-question	8	2233	January 5, 2024
Trying to figure out how should I use Auth0 with my application Help configuration , application	1	1082	January 17, 2023
User management with auth0 and strapi Help user-management , account-linking	2	2330	February 16, 2024

How should I set up Auth0 for Universal Login with a front-end and two apis?

Related Topics