How to use Auth0 on my API with user authentication

Hi,

I am creating an API for our service, and it would be used to display user details like the subscription info and such after they log in.
But is it better if I use the token from Universal Login or collect the user info, pass it to my API and authenticate the user there?

Thanks in advance!

Hi @vnp01,

It sounds like this is data that only logged-in users should see. It’d be best to use the Access Token that is issued after authentication. The frontend will use the Access Token as a bearer token with each API request. You can use an Auth0 SDK in your API to validate the Access Token.

Let me know if you have further questions!

Hey @stephanie.chamblee,
Thank you for the reply!
So, from what I understand, exposing the Access Token on the client side is not a problem?

It depends on the architecture of the application. You can read about the best token storage options for most scenarios here: Token Storage.

It might also be helpful to take a look at the Authorization Code Flow:

In step 9, the client-side app passes the Access Token with requests to the API.

There are several examples of this flow that you can spin up in our Quickstart applications: Auth0.

Thank you! I will certainly look into it.
