I have a mobile app working with Auth0. Now, I’m trying to understand the process for the Mobile App talking to backend APIs. In OAuth, the mobile app would call a public API to get a token using the Client Cred and Secret. The API would return a token which the mobile App would send in the header of all the API calls. The API would check the token to make sure it is valid.
So, how does this work with Auth0? I have read everything on the site and available in the wild and I just don’t get the flow.
Here is my best guess:
- Mobile App calls Auth0 with client ID and secret
- Auth0 returns a JWT or token (don’t know which)?
- Mobile App sends the JWT or token to the API in the Header?
- API validates the JWT file? If it’s a token, then I have no idea what is next.
Any help would be great, Scott