Newbie Question - API Flow using Auth0

Hello,
I have a mobile app working with Auth0. Now, I’m trying to understand the process for the Mobile App talking to backend APIs. In OAuth, the mobile app would call a public API to get a token using the Client Cred and Secret. The API would return a token which the mobile App would send in the header of all the API calls. The API would check the token to make sure it is valid.

So, how does this work with Auth0? I have read everything on the site and available in the wild and I just don’t get the flow.

Here is my best guess:

  1. Mobile App calls Auth0 with client ID and secret
  2. Auth0 returns a JWT or token (don’t know which)?
  3. Mobile App sends the JWT or token to the API in the Header?
  4. API validates the JWT file? If it’s a token, then I have no idea what is next.

Any help would be great, Scott

I am using Android as an example, but the flow here should give you a pretty good idea: Auth0 Android SDK Quickstarts: Login. It should start you with the Getting Started section, and then the flow should be walked through via the steps on the left side nav.

Thank you. It gave me some ideas and I found this document: https://auth0.com/docs/api-auth/grant/authorization-code-pkce
