I am using machine-machine authentication using Auth0.
My WebAPI has about 8 endpoints and I need to restrict specific endpoints by the user. How can I achieve this? The rule has to be set at the client level.
Have you looked into scopes (under Applications in the Auth0 dashboard)? If using .NET Web API, those will need to be translated to claims (requires a custom filter). You can then use those claims to lock down the endpoints/methods. For example, if you add a scope of "read:messages" then you decorate your method with [Authorize("read:messages")].
If this helps, I can add more info if you are using .NET Web API Core 2.0.
Also some things are unclear - you say user but also say machine-to-machine.
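The scope check described in the reply above, as an added example that is not code from the thread or from Auth0: it uses an ASP.NET Core policy requirement (rather than a custom filter) so that `[Authorize("read:messages")]` passes only when the validated access token carries that scope. It assumes the JWT bearer middleware has already validated the token, that scopes arrive as one space-delimited `scope` claim, and that the caller supplies the issuer; `HasScopeRequirement`, `HasScopeHandler` and `AddScopePolicies` are hypothetical names.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

// Requirement: the access token must carry Scope, issued by Issuer.
public class HasScopeRequirement : IAuthorizationRequirement
{
    public string Scope { get; }
    public string Issuer { get; }

    public HasScopeRequirement(string scope, string issuer)
    {
        Scope = scope ?? throw new ArgumentNullException(nameof(scope));
        Issuer = issuer ?? throw new ArgumentNullException(nameof(issuer));
    }
}

public class HasScopeHandler : AuthorizationHandler<HasScopeRequirement>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, HasScopeRequirement requirement)
    {
        // Only trust a "scope" claim that came from the expected issuer.
        var claim = context.User.FindFirst(
            c => c.Type == "scope" && c.Issuer == requirement.Issuer);
        if (claim == null)
            return Task.CompletedTask; // no scope claim: requirement stays unmet

        // Compare whole space-delimited entries, never substrings.
        if (claim.Value.Split(' ').Contains(requirement.Scope, StringComparer.Ordinal))
            context.Succeed(requirement);
        return Task.CompletedTask;
    }
}

public static class ScopePolicies
{
    // Call from Startup.ConfigureServices; registers one policy per scope,
    // named after the scope so [Authorize("read:messages")] resolves to it.
    public static void AddScopePolicies(
        this IServiceCollection services, string issuer, params string[] scopes)
    {
        services.AddAuthorization(options =>
        {
            foreach (var scope in scopes)
                options.AddPolicy(scope, p =>
                    p.AddRequirements(new HasScopeRequirement(scope, issuer)));
        });
        services.AddSingleton<IAuthorizationHandler, HasScopeHandler>();
    }
}
```

Because an unmet requirement simply never calls `Succeed`, a token without the scope claim is denied by default.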
Thanks for the reply.
I am referring to each machine-to-machine setup as a user, as I will have multiple such users.
I added scope to the API, but the token is not including it. Do I need to specifically add the scope anywhere else in the auth0 interface?
Hey there everyone!
Sorry for the delay in response! We're doing our best to provide you with the best developer support experience out there, but sometimes there are simply too many questions coming in. Sorry for the inconvenience!
Do you still require assistance?