Delving into this further I’m getting more and more lost!
So on Auth0 I had two applications: one regular web application for Laravel, one Native application for Nativescript-Vue. As well as this, one created 1 API for Laravel. Here are some images to make it clearer…
For my Native App, when I originally logged in the user, I had Auth0 log them in through the Native Application - I thought that you had to create an Auth0 application for each type of platform you deploy to…
But I added additional callbacks for my regular web application and modified Token Endpoint Authentication Method to none, then I was able to authenticate the user on my native app through the Auth0 “web application”? Bit confused by this… so does that mean my native application auth0 is redundant? Can I just log/sign up users through the Auth0 Web Application that is linked to Laravel?
Additionally, when I authenticate the user, I set the audience as for the Auth0 API which is linked to Laravel… this then gives me a jwt access token (which allows me to access my Laravel API routes with a jwt middleware BUT not my standard Laravel routes secured by the auth middleware) and a separate id token (which contains user info).
Now… I’m still stuck on trying to make it so that my Laravel API authenticates the user, and ONLY allows them user-specific information. At this rate since I’m on a time deadline, I might just include the user’s email as an additional field in the GET request and then do processing that way… Annoyingly this would technically allow any authenticated user to search for other users' data >.<
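
An added example, not part of the original post and not Auth0's or Laravel's own code: one way to keep API responses user-specific is to take the user's identity from the `sub` claim of the validated access token instead of from an email sent in the GET request. The HS256 shared secret, the audience value, the `ORDERS` data and every function name here are constructed for the demo and stand in for the check the JWT middleware performs.

```php
<?php
// Constructed demo: HS256 with a shared secret stands in for the signature
// check the JWT middleware performs. All names and values are hypothetical.
const DEMO_SECRET = 'constructed-demo-secret';
const DEMO_AUDIENCE = 'https://api.example.test';
// Constructed rows, keyed by the token's `sub` value rather than by email.
const ORDERS = ['auth0|alice' => ['order-1', 'order-2'], 'auth0|bob' => ['order-9']];

function b64url(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function makeToken(array $claims): string {
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url(json_encode($claims));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", DEMO_SECRET, true));
}

// Returns the verified claims, or null when the token must be rejected.
function verifiedClaims(string $token): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $decode = fn(string $s) => json_decode((string) base64_decode(strtr($s, '-_', '+/')), true);
    if (($decode($head)['alg'] ?? null) !== 'HS256') return null;
    $expected = b64url(hash_hmac('sha256', "$head.$body", DEMO_SECRET, true));
    if (!hash_equals($expected, $sig)) return null;
    $claims = $decode($body);
    if (!is_array($claims) || !is_string($claims['sub'] ?? null)) return null;
    // `aud` may be a single string or a list of audiences.
    if (!in_array(DEMO_AUDIENCE, (array) ($claims['aud'] ?? []), true)) return null;
    return (($claims['exp'] ?? 0) > time()) ? $claims : null;
}

// Handler sketch: $query is deliberately never used to choose whose data to return.
function listMyOrders(string $bearerToken, array $query): array {
    $claims = verifiedClaims($bearerToken);
    if ($claims === null) return ['status' => 401, 'data' => []];
    return ['status' => 200, 'data' => ORDERS[$claims['sub']] ?? []];
}

$alice = makeToken(['sub' => 'auth0|alice', 'aud' => DEMO_AUDIENCE, 'exp' => time() + 300]);
// Alice sends Bob's email in the query; the lookup still uses her own `sub`.
print_r(listMyOrders($alice, ['email' => 'bob@example.test']));
// A token with an altered signature is rejected before any lookup happens.
print_r(listMyOrders($alice . 'x', []));
```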