I have my own private backend, set up on AWS, running Django. Now, I’ve followed the single page spk auth0 tutorial, and can currently log in, receive what I believe is an opaque token, pass it to my backend, and have my backend call the authentication api using the userinfo url. What I receive is a string of attributes missing their corresponding values (IE I receive the string ‘emailnamenicknamepic…’(or something like that, I don’t currently have the string on me)). I assume I haven’t received a proper jwt bc I haven’t set the audience attribute in the authModule, which leads me to my first problem.
I have no idea what to set the audience attribute to. I set up a custom API in auth0, but I have no idea what that is, or what it does, and if I should set the audience attribute to its url. There already seems to be an authentication api set up for me, so I’m confused as to why I have the option of adding more APIs. I just need a token I can pass to my backend which my backend can use to authenticate the user. Should I set the audience attribute to my own, private backend url?
Additionally, when my backend checks the validity of tokens I pass to it, which api should it check against? I’m assuming the authentication API, but maybe I should have it check against my custom API? Also, does the authentication API hold my database of users? If from my own backend API, I want to get the usernames of my users, what auth0 API should I call? I read in the auth0 quickstart for my custom API that I need to add javascript to it in order to have it function? What? Am I understanding that right? If so, I don’t even know how to add code to the API, since there doesn’t seem to be some way of accessing it internally.
As you can see, I’m very confused about the role APIs play in Auth0. At a very basic level, all I want is to generate jwts I can cross-check with Auth0 to verify the identity of a user, and to retrieve usernames for that user from Auth0. I already have my own private database established, so I don’t need more interaction with Auth0 beyond this. Any help clarifying all this confusion would be greatly appreciated.