How to validate web app Access Token from External API

gabbourget · March 6, 2021, 8:20pm

I did the base setup for a Nextjs app using Auth0. In the example, you get this

import { getAccessToken, getSession } from "@auth0/nextjs-auth0";

export default async (req, res) => {
const { accessToken } = await getAccessToken(req, res);

    const result = await fetch("https://localhost:44336/weatherforecast", {
      headers: {
        Authorization: `Bearer ${accessToken}`,
      },
    });

This external API is something I just created in c#. I created a Machine to Machine Api in Auth0 dashboard and authorized my webApp. It just won’t work. User isn’t set and Authorization attribute isn’T working.

I wonder how it can works actually. The Api setup tells me to add JwtBearer Auth, however, AccessToken from Webapp isn’t a Jwt…

What am I missing?
Here my c# setup:

services.AddAuthentication(options =>
      {
        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
      }).AddJwtBearer(options =>
      {
        options.Authority = "https://myorg.auth0.com/";
        options.Audience = "MyAPIAudience";
      });

supun · March 7, 2021, 3:28am

Hi @gabbourget ,

Welcome to the Auth0 community!

When you are authenticating the user in the NextJs application, have you set an audience value in the authentication request, and does it match with API Identifier?

gabbourget · March 7, 2021, 5:48pm

Nop didn’t understand that. I got it working now with audience AND setting scope.

Thx

supun · March 8, 2021, 3:03am

Great! thank you for sharing the solution with us.

system · March 23, 2021, 3:03am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.