I am using Auth0 for authentication purpose and we are using microservices architecture for API’s. Can anyone suggest the ways to authenticate the API’s since auth0 is not supporting multiple audiences? I am hosting my API’s in azure cloud services
Welcome to the Community! One solution for your use case is a single logical API for all your backend APIs:
Another option is manually going back to Auth0 to request tokens with whichever audience is required.
I have used a single logical API to authenticate microservices. But the issue is I am able to authenticate only one API(micro service) and the rest of the microservices are throwing an unauthorized error. We have hosted our services in Azure.
I have used created one API in auth0 and used the same audience for both the micro-services. For the first micro service it is working fine but for the second service, it is throwing an unauthorized error.
Our client application is in angular 6.
Can you also share any documentation on manually going back to Auth0 to request tokens with whichever audience is required?
I don’t have any documentation re: going back to Auth0 to get new tokens with the correct audience. It is a model that my dev team had discussed with Auth0 Professional Services, but we settled on the single logical API model.
Thanks for your response
Some edited text below from a conversation with one of my devs re: this alternate approach. After some discussion interally we’ve decided to not use the logical API model and instead use this model:
from a high level its logging in totally as normal with the auth0 submodule. Then it is doing silent auths via an ApiService for each API audience needed, and caching the tokens that come back
Can either be on demand, (I need to hit API ‘foo’, so does a silent auth with that audience and caches the access token) or for a suite of APIs. (log in, and do a bunch of silent auths at the same time)
Hope that helps. If I can get a more detailed description I’ll send it along.