Login with Social providers + Auth0 + Web Api Backend


I am new using auth0 I need to show a demo to my clients using auth0 to solve this problem:

I need to access from different apps(IOS,Android, UWP, desktop) to my backend (Asp.Net
Web Api) using social providers like facebook (for now and later twitter or another) all the users must be stored in my custom database.
I configured my custom database now I can login, verify, create etc…
I made some rules to enrich my login info.
I created a new API following this tutorial:
Auth0 ASP.NET Web API (OWIN) SDK Quickstarts: Authorization
I can do the test successfully using PostMan to my backend.

I am using RS256 algorithm

I created a new UWP app I installed the nuget package
Auth0 OIDC Client for Universal Windows Platform (UWP) applications
I used the client Id of my new client(myapi-test) and the secret key
var client = new Auth0Client(new Auth0ClientOptions
Domain = “xxx.auth0.com”,
ClientId = “xxxxxxxx”,
ClientSecret= “xxxxxxxx”

            var loginResult = await client.LoginAsync();

I could see in the error log I need to add to the client myapi-test(no interactive) the callback
because I got this error in the log:
Callback URL mismatch. https://xxx.auth0.com/mobile is not in the list of allowed callback URLs

Now I run again my UWP and I can see the login page I used facebook and I got my token.

I guess with this token I can make request to my backend(Web Api) but always I get the error

    "message": "Authorization has been denied for this request."

like I said I am new using Auth0 someone can help me? I want to use the token that I get from my login page of my mobile apps to make requests to my Backend.
I don’t know if I am missing something.

Thank you!

Which token are you passing to the API? You need to pass the AccessToken along,

If that does not work, please post the AccessToken here so I can have a look at it.

Also, our Web API quickstart has a troubleshooting guide which helps you work through these issues:

Thank you! for your response I checked the access _token and it is too short :confused:
Now I am sure I am doing something wrong

If it is too short, it is because you are not passing the audience. See the code snippet on this page for how you need to pass the audience

The audience should be the API Identifier for your API

Ok Thank you for your help.
I got the access_ token too short from my UWP application.
I used Post Man using a test request to my localhost environment and I can get the expected results.
The problem is when I use my UWP App and I try to login using Facebook.

this is my code :

var client = new Auth0Client(new Auth0ClientOptions
                Domain = "xxxx.auth0.com",
                ClientId = "xxxxxx",
                ClientSecret= "xxx"

            var loginResult = await client.LoginAsync();

I think the issue is from my client-test (non interactive) I am not sure.
the login result is:
User: I can see the data and the flag IsAuthenticated is True.

I am using the domain & clientId of my client(non interactive)

I can see in the IdentityToken property I got all the profile data of the user.

Did you look at this page I posted above?

You need to pass audience when calling LoginAsync()

Thank you! I didn’t see that now I can call my API.