How to validate web app Access Token from External API

I did the base setup for a Next.js app using Auth0. In the example, you get this:

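import { getAccessToken, getSession } from "@auth0/nextjs-auth0";

export default async (req, res) => {
  // Get the logged-in user's access token from the Auth0 session
  const { accessToken } = await getAccessToken(req, res);

  // Call the external API, passing the token as a Bearer credential
  const result = await fetch("https://localhost:44336/weatherforecast", {
    headers: {
      Authorization: `Bearer ${accessToken}`,
    },
  });

  // Relay the external API's status and body to the caller
  res.status(result.status).send(await result.text());
};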

This external API is something I just created in C#. I created a Machine to Machine API in the Auth0 dashboard and authorized my web app. It just won’t work. User isn’t set and the Authorization attribute isn’t working.

I wonder how it can work, actually. The API setup tells me to add JwtBearer auth; however, the AccessToken from the web app isn’t a JWT…

What am I missing?
Here is my C# setup:

services.AddAuthentication(options =>
{
    // Use JWT bearer tokens for both authentication and challenges
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
    // Auth0 tenant that issues the tokens
    options.Authority = "https://myorg.auth0.com/";
    // Expected "aud" claim of incoming tokens
    options.Audience = "MyAPIAudience";
});

Hi @gabbourget,

Welcome to the Auth0 community!

When you are authenticating the user in the Next.js application, have you set an audience value in the authentication request, and does it match the API Identifier?

1 Like

Nope, didn’t understand that. I got it working now with audience AND setting scope.

Thx

2 Likes

Great! Thank you for sharing the solution with us.

1 Like
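A quick way to check for the cause found in this thread before calling the API, as an added example that is not from the original posts or from Auth0's code: it decodes the token the web app received and reports whether it is a signed JWT carrying the API's audience and the scopes the endpoint needs. `inspectAccessToken`, `makeSampleToken` and the `read:weather` scope are hypothetical names, and the sample tokens are constructed.

```javascript
// Diagnostic only: decodes claims WITHOUT verifying the signature.
// Signature, issuer and expiry checks stay with the API (JwtBearer).
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Reports whether `token` carries `expectedAudience` in "aud" and every
// entry of `requiredScopes` in "scope". Returns { ok, reason }.
function inspectAccessToken(token, expectedAudience, requiredScopes = []) {
  const parts = String(token).split(".");
  if (parts.length !== 3) {
    // The symptom from the thread: login was done without an audience
    return { ok: false, reason: "not a signed JWT (opaque or encrypted token)" };
  }
  let claims;
  try {
    claims = decodeSegment(parts[1]);
  } catch {
    return { ok: false, reason: "payload is not base64url-encoded JSON" };
  }
  // "aud" may be a single string or an array of strings
  const audiences = [].concat(claims?.aud ?? []);
  if (!audiences.includes(expectedAudience)) {
    return { ok: false, reason: `aud ${JSON.stringify(audiences)} lacks ${expectedAudience}` };
  }
  // "scope" is a space-delimited string
  const granted = new Set(String(claims?.scope ?? "").split(" ").filter(Boolean));
  const missing = requiredScopes.filter((s) => !granted.has(s));
  if (missing.length > 0) {
    return { ok: false, reason: `missing scopes: ${missing.join(" ")}` };
  }
  return { ok: true, reason: "audience and scopes match" };
}

// Constructed sample token with a fake signature, for offline demonstration
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}

// Hypothetical scope name; the audience is the one from the C# setup above
const good = makeSampleToken({ aud: ["MyAPIAudience"], scope: "openid read:weather" });
console.log(inspectAccessToken("constructed-opaque-token", "MyAPIAudience"));
console.log(inspectAccessToken(good, "MyAPIAudience", ["read:weather"]));
```

Run it with Node.js; in the route handler from the question, the same function can be called on `accessToken` while debugging.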
