I’m using Laravel for backend. I have a REST routes.
I don’t fully understand how Auth0 works in case of API.
I wanted to do the following.
As there is no need to make authentication each time - frontend is always the same - I wanted to use queries with secret part (sha1(param1.param2.param3.timestamp.auth0Access_token.secret)).
Access_token I need to get user’s permissions from Auth0.
Backend gets query, checks hash, get permissions from Auth0 by access_token then gives out correct answer to frontend. The question is how to get permissions by access_token in PHP. The second question is - access_token is created after authentication, but there is no authentication, it should be permanent. But how withiut authentication attach each access_token to specific user so that I could get user’s permissions by this access_token.
Total mess… Explain me please how Auth0 works with API?
P.S. For now I implemented Auth0 for user authentication and authorization. Routes and menus in my SPA are not generated if user has no permissions for it. But now I need to get data from REST endpoints but not just get, but check again on backend if user has permissions for this endpoint or not.
Update1.
Since there is no way to change access_token after getting of it, I could just pass it to backend and get permissions from it. Nut I need to somehow to decode access_token on backend side in PHP.