How to get user ID and use to consume endpoint

Hi,
I’m using Auth0 to handle authentication for one of my apps.
I’m using Angular and Laravel and I have successfully set up Auth0 on my front-end Angular application.

However the last remaining thing to do is to assign items in my database to the user ID of the Auth0 user and make sure only the items assigned to the logged in user are returned when consuming the classic get/index endpoint.
How do I do this in Angular and Laravel?
It seems I need to be able to get the user ID from the Auth0 Angular SDK and then pass that into the Angular service that consumes my own Laravel API. But how do I do this?

Hello @hello2, if you are doing the authentication on the browser-side (with a single page app) and Laravel acts as an API, you can take a look at our Laravel API authorization docs: Auth0 Laravel API SDK Quickstarts: Authorization. You will need to create an API in the Auth0 dashboard that represents the Laravel API, if you haven’t done so already.

The Laravel API will validate the incoming access token, decode the user ID (which is included in the token as the sub claim) and return the response back.

Note that you should not be just passing the user_id from the frontend since this can be intercepted by an attacker, whereas the access token cannot be modified.

2 Likes
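
Added example, not part of the original thread and not Auth0 SDK or Laravel code: the server-side check the answer above describes, written in plain Node.js so it runs on its own. The index endpoint takes the owner from the verified token's `sub` claim and ignores any `user_id` the client sends. The key pair, the audience `https://api.example.test`, the `auth0|alice` and `auth0|bob` IDs, the item rows and the function names `issueToken`, `subjectFromToken` and `listItems` are constructed for illustration; a real API would verify against the tenant's published signing key through the SDK.

```javascript
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// Constructed stand-ins for the tenant signing key and the API identifier (assumptions).
const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
const AUDIENCE = 'https://api.example.test';

const b64u = (value) => Buffer.from(value).toString('base64url');

// Helper playing the authorization server: issues an RS256-signed access token.
function issueToken(claims) {
  const input = `${b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${sign('sha256', Buffer.from(input), privateKey).toString('base64url')}`;
}

// API side: returns the validated `sub`, or null if any check fails.
function subjectFromToken(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    if (header.alg !== 'RS256') return null; // pin the algorithm, do not follow the header
    const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
    if (!verify('sha256', signed, publicKey, Buffer.from(parts[2], 'base64url'))) return null;
    const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
    if (![].concat(claims.aud).includes(AUDIENCE)) return null; // token minted for another API
    if (typeof claims.exp !== 'number' || claims.exp <= now) return null; // expired
    return typeof claims.sub === 'string' ? claims.sub : null;
  } catch {
    return null; // malformed base64 or JSON
  }
}

// Constructed rows standing in for the items table.
const ITEMS = [
  { id: 1, owner: 'auth0|alice', name: 'alice-notes' },
  { id: 2, owner: 'auth0|bob', name: 'bob-notes' },
];

// Index endpoint: the owner filter comes from the token only.
// `query` is accepted to show that a client-supplied user_id is never read.
function listItems(authorizationHeader, query = {}) {
  const match = /^Bearer (\S+)$/.exec(authorizationHeader || '');
  const sub = match ? subjectFromToken(match[1]) : null;
  if (!sub) return { status: 401, items: [] };
  return { status: 200, items: ITEMS.filter((item) => item.owner === sub) };
}
```

When storing new items, the same validated `sub` is the value to write into the owner column.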

Thanks for sharing that knowledge @thameera!

Hi,

Thanks for that.
I’ve started looking into that tutorial but it doesn’t link up with the front end properly. For example, how do I programmatically get the auth token when a user successfully signs in to Auth0’s stock login page?

Thanks

The quickstart I linked deals with the backend only and does not care how the frontend app retrieves the tokens. For that part you may want to follow a quickstart/example of the particular frontend technology. This is because the frontend and backend are essentially two apps.

You mentioned Angular, so this quickstart should be what you are looking for: https://auth0.com/docs/quickstart/spa/angular2/01-login
It also has a section about calling an API with the tokens obtained.

Let me know if you need any clarifications.

2 Likes
