I need to access the passkey's PublicKey from the client and I have been trying to implement the best solution.
I followed the Next.js sample on GitHub: auth0-nextjs-samples
(Note for the repo owners: there's a mistake in the tutorial when setting up the App URLs. The callback suggested is api/auth/callback, but reading the source code it is auth/callback.)
My understanding is that I need to call /api/v2/users/${user.sub}/authentication-methods
and configure the Auth setup accordingly:
- Application type: Regular Web Application
- Enable passkey DB (with Authentication Profile: Identifier First)
- Authentication method: any other than None (using "Client Secret Post")
- Set Grant Type to "Client Credentials"
- Passed in env.local the relative scope; intents:
  - AUTH0_SCOPE='openid profile email authentication_methods'
  - AUTH0_SCOPE='openid profile email read:authentication_methods'
- I needed to fetch the access_token from {process.env.AUDIENCE}/oauth/token with grant_type: 'client_credentials', passing the client_secret and the client_id.
- I'm calling this endpoint from a Next.js server to make sure it was not running in the browser.
Finally I managed, but I want to understand which of all this is necessary and which is not.
Using auth0.getAccessToken()
from @auth0/nextjs-auth0/server
gave me this error:
{
  "statusCode": 403,
  "error": "Forbidden",
  "message": "Insufficient scope, expected any of: read:authentication_methods",
  "errorCode": "insufficient_scope"
}
I matched the two tokens from getAccessToken() and the fetch('…/oauth/token') and they are different. Is that expected? Why are they different?
I was getting the same error when trying with a client only React app and Application type set to SPA.
Can anyone tell me if what I have is correct or I went down the wrong road?
Thanks!
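The flow described in the post, as an added example that is not part of the original post and not Auth0's or the sample repo's own code: a server-side helper that requests a Management API token with the client_credentials grant and then calls the authentication-methods endpoint for a user. The two tokens in the post differ because they are issued for different audiences: getAccessToken() returns the logged-in user's session token (scoped to what the app requested at login), while /oauth/token with client_credentials returns a machine-to-machine token for the Management API audience, and only the latter carries read:authentication_methods. The block decodes the token payload (inspection only, no signature check) to show that difference before making the call, so a missing scope fails with a clear message instead of a 403. The domain, client id, client secret, the fake Auth0 responder and the returned method record are all constructed placeholders; the request body fields and the audience form `https://{domain}/api/v2/` are the standard client_credentials request.

```javascript
// Added example (not from the original post or from Auth0). Server-side only:
// the client_secret must never be shipped to the browser, so this belongs in a
// Next.js route handler or server component, never in client code.
// Everything named CONSTRUCTED is made up so the block runs offline.

function toBase64Url(str) {
  return Buffer.from(str, 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Decode a JWT payload for inspection only. This does NOT validate the token;
// the resource server does that. It is here to show why two tokens differ.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

function hasScope(token, required) {
  const { scope = '' } = decodeJwtPayload(token);
  return scope.split(' ').includes(required);
}

// client_credentials request. The audience is the Management API identifier;
// that is what makes the issued token carry the Management API scopes.
function buildClientCredentialsRequest({ domain, clientId, clientSecret }) {
  return {
    url: `https://${domain}/oauth/token`,
    init: {
      method: 'POST',
      headers: { 'content-type': 'application/json' },
      body: JSON.stringify({
        grant_type: 'client_credentials',
        client_id: clientId,
        client_secret: clientSecret,
        audience: `https://${domain}/api/v2/`,
      }),
    },
  };
}

// user.sub contains '|' (e.g. auth0|...), so it must be URL-encoded.
function authenticationMethodsUrl(domain, userSub) {
  return `https://${domain}/api/v2/users/${encodeURIComponent(userSub)}/authentication-methods`;
}

async function getAuthenticationMethods(cfg, userSub, fetchImpl = fetch) {
  const { url, init } = buildClientCredentialsRequest(cfg);
  const tokenRes = await fetchImpl(url, init);
  if (!tokenRes.ok) throw new Error(`token endpoint returned ${tokenRes.status}`);
  const { access_token } = await tokenRes.json();
  // Fail early with a readable reason instead of the Management API's 403.
  if (!hasScope(access_token, 'read:authentication_methods')) {
    throw new Error('token lacks read:authentication_methods; check the Management API grant for this application');
  }
  const res = await fetchImpl(authenticationMethodsUrl(cfg.domain, userSub), {
    headers: { authorization: `Bearer ${access_token}` },
  });
  if (!res.ok) throw new Error(`authentication-methods returned ${res.status}`);
  return res.json();
}

// ---- CONSTRUCTED offline stand-in for the Auth0 tenant (not the real service) ----
const CONSTRUCTED = { domain: 'tenant.example.auth0.com', clientId: 'constructed-id', clientSecret: 'constructed-secret' };

// Unsigned token (alg "none") used purely so the payload decoding can be shown offline.
function unsignedJwt(payload) {
  return `${toBase64Url('{"alg":"none","typ":"JWT"}')}.${toBase64Url(JSON.stringify(payload))}.`;
}

const json = (status, body) => ({ ok: status >= 200 && status < 300, status, json: async () => body });

// Fake fetch: issues an M2M token with whatever scope the (constructed) grant allows,
// and enforces read:authentication_methods on the Management API call.
function makeFakeAuth0(grantedScope) {
  const d = CONSTRUCTED.domain;
  return async (url, init = {}) => {
    if (url === `https://${d}/oauth/token`) {
      const body = JSON.parse(init.body);
      if (body.grant_type !== 'client_credentials' || body.client_secret !== CONSTRUCTED.clientSecret) {
        return json(401, { error: 'access_denied' });
      }
      return json(200, { access_token: unsignedJwt({ aud: body.audience, scope: grantedScope, gty: 'client-credentials' }) });
    }
    if (url.startsWith(`https://${d}/api/v2/users/`) && url.endsWith('/authentication-methods')) {
      const token = ((init.headers && init.headers.authorization) || '').replace(/^Bearer /, '');
      if (!hasScope(token, 'read:authentication_methods')) {
        return json(403, { statusCode: 403, error: 'Forbidden', errorCode: 'insufficient_scope' });
      }
      return json(200, [{ id: 'passkey|constructed', type: 'passkey' }]); // constructed record shape
    }
    return json(404, {});
  };
}

// What a user-session token looks like for comparison: audience is the app, no Management API scope.
const USER_SESSION_TOKEN = unsignedJwt({ aud: CONSTRUCTED.clientId, scope: 'openid profile email' });
```

To use it against a real tenant, drop the fake responder, read `domain`, `clientId` and `clientSecret` from server-side environment variables, and call `getAuthenticationMethods(cfg, session.user.sub)` with the default global fetch; the Management API grant for the application still has to include read:authentication_methods, which is exactly what the 403 in the post is reporting.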