Is auth0.getTokenSilently() generate token with client secret?


I have a doubt, the getTokenSilently is generating token with my client secret that I have auth application?

I have this doubt because my core is not validating the secret key, below it is my code.

services.AddAuthentication(options =>
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
options.Authority = domain;
options.Audience = audience;
options.TokenValidationParameters = new TokenValidationParameters
NameClaimType = ClaimTypes.NameIdentifier,
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(key),
ClockSkew = TimeSpan.FromSeconds(10),
RequireExpirationTime = true,
ValidateLifetime = true,
ValidateIssuer = true,
ValidateAudience = true

Hi @StephanyBatista,

Welcome to the Community!

getTokenSilently is not generating a token, but making a request to have Auth0 issue a token.

I would suggest taking a look at our C# quickstart to see how we validate access tokens.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.