I am quite new to Auth0.
I have a SPA application and a backend API (Account API) service protected by Auth0. I have configured SPA to use Auth0 and can login successfully.
However, I have trouble to configure Account API (using Authorize with scope) by JWT Bearer token. I keep getting invalid token error.
So, need help on a couple of things:
Logged into SPA with requesting scopes: openid profile email app_metadata read:account
** read:account is the scope of the Account API
I have to set Authorization header, with idtoken value before calling the Account API. Did I pass the correct token to call Account API?
I followed up the tutorial and documentation to set up Account API with Authorize(“read:account”). My code is exact like: https://auth0.com/docs/quickstart/backend/aspnet-core-webapi#validate-access-tokens
I think I may miss some settings in Auth0 or I misunderstood something.