How to get user ID and use to consume endpoint

Hi,
I’m using Auth0 to handle authentication for one of my apps.
I’m using Angular and Laravel and I have successfully setup Auth0 on my front-end Angular application.

However the last remaining thing to do is to assign items in my database to the user ID of the Auth0 user and make sure only the items assigned to the logged in user are returned when consuming the classic get/index endpoint.
How do I do this in Angular and Laravel?
It seems I need to be able to get the user ID from the Auth0 Angular SDK and then pass that into the Angular service that consumes my own Laravel API. But how do I do this?

Hello @hello2, if you are doing the authentication on the browser-side (with a single page app) and Laravel acts as an API, you can take a look at our Laravel API authorization docs: https://auth0.com/docs/quickstart/backend/laravel/01-authorization You will need to create an API in the Auth0 dashboard that represents the Laravel API, if you haven’t done so already.

The Laravel API will validate the incoming access token, decode the user ID (which is included in the token as the sub claim) and return the response back.

Note that you should not be just passing the user_id from the frontend since this can be intercepted by an attacker, whereas the access token cannot be modified.

2 Likes

Thanks for sharing that knowledge @thameera!

Hi,

Thanks for that.
I’ve started looking into that tutorial but it doesn’t link up with the front end properly. For example, how do I programmatically get the auth token when a user successfully signs in to auth0’s stock login page?

Thanks

The quickstart I linked deals with the backend only and does not care how the frontend app retrieves the tokens. For that part you may want to follow a quickstart/example of the particular frontend technology. This is because the frontend and backend are essentially two apps.

You mention about Angular, so this quickstart should be what you are looking for: https://auth0.com/docs/quickstart/spa/angular2/01-login
It also has a section about calling an API with the tokens obtained.

Let me know if you need any clarifications.

2 Likes

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.