Hi, I’m a little confused about how to achieve the following scenario, where my Frontend (SPA) will access a REST API including the currently authenticated Auth0 user and the roles that were linked to this particular user:
- SPA contains Auth0-SignUp/SignIn capabilities
- After a SignUp in the SPA, user will be created in Backend via REST API and Post-Creation-Hook
- After SignIn, my SPA will get the UserID of my backend via meta_data of the Auth0-User
- When accessing my Backend via the REST API, an AccessToken (JWT) will be obtained and validated on the Backend
This is what I have so far.
But now I don’t want to just create a “global” accessToken for my own REST API, which was created with grant_type “credentials”, clientId and clientSecret.
Instead, I want to create a JWT token for the currently authenticated User, so that my Backend can check not only whether the general JWT token is valid, but also which user was responsible for this specific API request.
What would be the right workflow for this?
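As an added illustration (not code from the original post or from Auth0), the checks a backend should make on a per-user access token before trusting the caller's identity: signature, expected issuer, expected audience (the API identifier the SPA requests with the `audience` parameter), expiry, and a guard that rejects client-credentials tokens, which carry the application's client id as `sub` and `gty: "client-credentials"` rather than a user. The tenant URL, API identifier and user id below are constructed placeholders, and the demo signs with HS256 only so it runs without a JWT library; Auth0 normally signs API access tokens with RS256, so a real backend verifies against the tenant's JWKS with a library such as PyJWT instead of a shared secret.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

# Constructed demo values (assumptions, not from the original post)
ISSUER = "https://example-tenant.auth0.com/"   # tenant URL, with trailing slash as Auth0 issues it
AUDIENCE = "https://api.example.com"           # API identifier the SPA must request as "audience"
DEMO_SECRET = b"demo-shared-secret"            # stand-in for RS256 public-key verification via JWKS

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_demo_token(claims: dict, secret: bytes = DEMO_SECRET) -> str:
    """Constructed stand-in for the access token Auth0 would hand the SPA."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def verify_user_token(token: str, secret: bytes = DEMO_SECRET, now: Optional[float] = None) -> dict:
    """Resource-server checks; returns the caller identity only if every check passes."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    # Pin the algorithm instead of trusting whatever the header claims (prevents alg confusion)
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected signing algorithm")
    expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body_b64))
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token was not issued for this API")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    # A machine-to-machine token identifies the app, not a user: refuse it for user-scoped requests
    if claims.get("gty") == "client-credentials" or str(claims.get("sub", "")).endswith("@clients"):
        raise ValueError("client-credentials token carries no user identity")
    # "sub" is the Auth0 user id (e.g. "auth0|..."); "permissions" is present when RBAC is enabled
    return {"user_id": claims["sub"], "permissions": claims.get("permissions", [])}
```

With a per-user token of this shape the backend can map `sub` to its own user record and apply the user's roles, instead of relying on a single client-credentials token shared by every request.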