Hello, I have a question about protected APIs.
Let’s say I am going to use two APIs.
One is https://www.test.com/warehouses (I will call this A).
Another one is https://www.authentication.com/login (I will call this B).
I will use a custom database, and a user will be validated from B.
If the login is successful, my React app will get a token from Auth0.
With the token, I can access any other endpoint in B, such as https://www.authentication.com/products and
https://www.authentication.com/drivers, because I will make https://www.authentication.com/ a protected API by Auth0.
I also need to use the token in A as well, so that only users authenticated from Auth0 have access to the resources in A.
In this case, do I have to create two protected APIs? If so, is there any way to add multiple audiences to the Auth0 Provider in a React app?
<Auth0Provider
  domain="dev-1j7fu4lg.us.auth0.com"
  audience=""
  clientId=""
  redirectUri=""
  prompt=""
  scope=""
>
Please let me know if my question is unclear.
Hi @hyun.park ,
You can register the two APIs separately in Auth0, and use the test.com and authentication.com as separate identifiers (audiences).
If you take this approach, you will need to request a separate token for each API. Assuming you are using the Auth0 React SDK, you would request the token with getAccessTokenSilently and pass the audience directly with this request. Like this:
getAccessTokenSilently({audience:'https://test.com/'})
Thank you for the answer!
I have one more question. On my server, I need to validate the token that came from my React app, right?
I will use Django for the server. Is there any helpful reference for how to implement the validation logic?
Hello dan,
I have encountered an issue while following your guide.
I could only get a token when I passed the audience parameter with a certain API endpoint.
I will explain what I have done for better understanding.
I created two protected APIs:
test.com
authorization.com
Next, in my React app, I passed the audience parameter to the Auth0 provider:
<Auth0Provider
audience="authorization.com"
/>
(I also passed the required parameters.)
In this case, I was able to get a token for authorization.com with this:
getAccessTokenSilently({ audience: "authorization.com" })
However, I wasn’t able to get a token for test.com.
Do you have any idea about this?
And I have one more question: is there any way to get the secret key from the access token?
I think I have to explain what I am trying to achieve.
Now I have one server that has many APIs and it is currently live. Many customers are using it.
The server itself generates a token and has validation logic.
Our company is now trying to separate a server from the existing server for login and validation. In the future, our users are going to log in to the new server, where Auth0 is going to be implemented.
Existing server (Django), new server (Django), application (React)
Now that users are going to get an Auth0 token, I want to use the token on our existing server as well. I want to use only one token for the new server and the existing server. Have you ever experienced this situation? And how did you solve this issue?
Let me know if any part is unclear.
If you control both of these servers you should be able to set them to verify whatever audience you’d like. I’m still not 100% sure I understand your architecture though.
As for getting a token with test.com as the audience, this should just require sending it with the request to getAccessTokenSilently. It looks like you are still sending the authorization.com audience.
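What "verifying the audience" involves on each server, as an added example that is not from the thread or from Auth0: a minimal RS256 check, written in JavaScript to match the thread's code (the same checks apply in Django). The issuer URL, the identifier for API B, the locally generated key pair and the helper names are assumptions; a production API would use a maintained JWT library and the tenant's published signing keys.

```javascript
const crypto = require("crypto");

// Constructed values: issuer and API B identifier are assumptions; API A's is from the thread.
const ISSUER = "https://tenant.example/";
const AUD_A = "https://test.com/";
const AUD_B = "https://authentication.com/";

// Local stand-in for the tenant's signing key so the example runs offline.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const b64url = (x) => Buffer.from(x).toString("base64url");

// Hypothetical helper: mint an RS256 token the way the authorization server would.
function mintToken(claims, key = privateKey) {
  const signed = `${b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  return `${signed}.${b64url(crypto.sign("RSA-SHA256", Buffer.from(signed), key))}`;
}

// Checks one API runs before trusting a bearer token; `audience` is that API's own identifier.
function verifyAccessToken(token, { issuer, audience, key = publicKey, now = Date.now() / 1000 }) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64url").toString());
    claims = JSON.parse(Buffer.from(parts[1], "base64url").toString());
  } catch {
    return { ok: false, reason: "malformed" };
  }
  // Pin the algorithm on the server; never let the token choose it.
  if (!header || header.alg !== "RS256") return { ok: false, reason: "alg" };
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify("RSA-SHA256", signed, key, Buffer.from(parts[2], "base64url")))
    return { ok: false, reason: "signature" };
  if (!claims || claims.iss !== issuer) return { ok: false, reason: "issuer" };
  // `aud` may be a single string or an array of strings.
  const auds = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!auds.includes(audience)) return { ok: false, reason: "audience" };
  if (typeof claims.exp !== "number" || claims.exp <= now) return { ok: false, reason: "expired" };
  return { ok: true, claims };
}

// A token requested for API B is accepted by B and rejected by A.
const exp = Math.floor(Date.now() / 1000) + 300;
const tokenForB = mintToken({ iss: ISSUER, aud: AUD_B, exp });
console.log(verifyAccessToken(tokenForB, { issuer: ISSUER, audience: AUD_B }).ok);
console.log(verifyAccessToken(tokenForB, { issuer: ISSUER, audience: AUD_A }).reason);
```

Each server passes its own identifier as `audience`, which is why a token requested for one API does not open the other.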
Closed by system on March 17, 2022, 11:21pm. This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.