Is auth0.getTokenSilently() generate token with client secret?

StephanyBatista · May 1, 2020, 2:16pm

Hi,

I have a doubt, the getTokenSilently is generating token with my client secret that I have auth application?

I have this doubt because my asp.net core is not validating the secret key, below it is my code.

services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
options.Authority = domain;
options.Audience = audience;
options.TokenValidationParameters = new TokenValidationParameters
{
NameClaimType = ClaimTypes.NameIdentifier,
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(key),
ClockSkew = TimeSpan.FromSeconds(10),
RequireExpirationTime = true,
ValidateLifetime = true,
ValidateIssuer = true,
ValidateAudience = true
};
});

dan.woda · May 4, 2020, 5:03pm

Hi @StephanyBatista,

Welcome to the Community!

getTokenSilently is not generating a token, but making a request to have Auth0 issue a token.

I would suggest taking a look at our C# quickstart to see how we validate access tokens.

dan.woda · May 18, 2020, 9:03pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.