Regardless of tech stack, you never want to use an ID token against a backend - You’ll need to utilize an access token instead. The following blog post does a great job clarifying the difference:
In terms of next.js, the following examples should help:
Note that if you are using the Auth0 Next.js SDK, you don’t need to specifically get ID or Access token to call the backend. If the user is logged in, the SDK will take care of this by using the session cookie. If you are using the App Router, the user info can be obtained in an API route with this code without having direct access to a token:
Hi @thameera, thanks for your help.
When I wanna integrate with my own backend(not Next.js) which token is needed, accessToken or idToken?
then, is there any way to get idToken in my client side?
Thanks again.
No problem. You will need an Access Token to call any external API.
Generally you would not need to access the ID token by itself since it’s used for initial authentication only. When you get the user’s data from getSession(), the info you get is actually what was present in the ID token.
Thanks again for your help.
I managed to get accessToken and used it for authorization in my rust backend.
but it is gotten in client side(using react query).
Is there a way to get it in getServersideProps and pass it as a parameter to component?
To be honest, I tried it but it is only possible after loggin in so it occurs error before logging in.
What you are seeing is expected, right? The session will go away once the user logs out and the code should not be able to get the access token afterwards. You should ideally do that with a try/catch and handle the scenario when the user attempts to access the page while not logged in.
thanks for your help.
I’ve resolved it.
Then, I am struggling against another issue…
I need to implement change password functionality.
I have one button-change password on my frontend.
and once I click it, then need to redirect auth0-change password page.
If you have any idea, I will really appreciate.
Thanks.