How to authorize loggedin user from client on server side?

Get Help
,
1

Hello I am new in Auth0,

I hava a case, an app using SPA login with Auth0, and I need to authorize that user login on server side.

What I am thinking right now:

  1. login using Auth0 SPA
  2. get access token fron login
  3. send data using access token in header Authorization
  4. and verify it in graphql context or express middleware?
const auth0Client = await auth.createClient();
console.log(await auth0Client.getTokenSilently()) // return access token
console.log(await auth0Client.getUser());
const token = await auth0Client.getTokenSilently();
fetch('/api', {
    method: 'POST',
    headers: {
      'Authorization': `bearer ${token}`
    },
});

on server side, I need to validate it manually and get user data from that token

how to do that?

2

Check this article.

Thanks
Pablo.

3

Thanks for sharing that @cibrax !

4

Hello @cibrax

I already learn about it because it very googlable :smiley:

but I need to do that manually not in middleware,

so what I am doing?
I create custom middleware (for now), in my authorization middleware I create this:
auth0.middleware.ts

import Auth0 from 'auth0';

....

var auth0 = new Auth0.AuthenticationClient({
      domain: String(process.env.AUTH0DOMAIN),
      clientId: String(clientId)
});

const userAuth0: IUserAuth0 = await auth0.getProfile(String(token));

It runs well before, untill I got error 429

after 3 api request, I got that error.

is there any better solution?

because my app have many connection clients, that’s why I need to check authorization from many different clients?

5

Or may be I need to apply this?

https://auth0.com/docs/api/authentication?http#authorization-code-flow45