I am new to the Auth0 community and to Auth0 as a whole.
I have developed an Android application that utilizes Auth0 for user authentication and authorization. While Auth0 manages user accounts and credentials, I need to store additional user data on a backend server.
My goal is to establish a secure communication channel between the Android app and backend server, ensuring that only authenticated users can access and interact with the backend resources. I intend to achieve this by using the JWT token obtained from Auth0 during login to authorize requests from the Android app to the backend server.
I followed some articles and found out that I have to create an API for the backend application in Auth0 and then set it as the audience in order to consume the token (validate the token against my endpoint). It was not clear WHY I need to do it, but I just followed along.
Am I going in the right direction?
Also, can someone explain how the backend validates the token? Does the backend send the token to Auth0, or does it just compare the audience of the token?
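As an added example of what the backend does with the token (not code from the original post or from Auth0's own SDKs): it verifies the signature with the signing key and then checks the iss, aud and exp claims locally, with no round trip to Auth0 per request. It assumes a constructed tenant domain and API identifier, and uses an HS256 shared secret in place of the RS256 public key a real backend would fetch from the tenant's JWKS endpoint.

```python
import base64, hmac, hashlib, json, time
from typing import Optional

# Constructed values for this example, not real Auth0 tenant data.
ISSUER = "https://example-tenant.auth0.com/"  # assumed tenant domain (the token's iss)
AUDIENCE = "https://api.example.com"          # assumed API identifier set as audience in Auth0
SECRET = b"constructed-demo-secret"           # HS256 key standing in for Auth0's RS256 public key

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(claims: dict, key: bytes = SECRET) -> str:
    """Build a signed JWT; stands in for the access token Auth0 issues at login."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def validate_token(token: str, key: bytes = SECRET, now: Optional[float] = None) -> dict:
    """Backend-side check: signature first, then issuer, audience, expiry. Raises ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")   # pin the algorithm; never trust the token's own choice
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not issued for this API")   # this is why the API/audience exists
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims

def is_valid(token: str, now: Optional[float] = None) -> bool:
    """Convenience wrapper a request handler would call before serving a resource."""
    try:
        validate_token(token, now=now)
        return True
    except ValueError:
        return False
```

A token minted for a different audience, or signed with a different key, fails even though it is a perfectly well-formed Auth0 JWT.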