Hello all,
A question please about roles and permissions.
I have a routing api and I receive a token retrieved from a user after his connection with the auth0 form, this api will verify the token with the php verify sdk.
After that the routing api will call other apis and on these apis I need to check if the token is legitimate and retrieve the permissions and roles as well as the audience.
How to do please?
Thanks
Thank you for posting you question on the Auth0 Community.
In order to pass an access token to other APIs you can make a HTTP GET request and send the token in the authorization header by following the exact steps presented in our documentation for the Use of Access Tokens.
From the response your API’s server will have to decode the header, extract and verify the token, and authenticate the request to see if the token is still valid and active, so you can refer to this documentation once again.
Afterwards, from the decoded token you will be able to retrieve and use the permissions and roles for your designated APIs.
I hope this helped.
Best regards,
Remus
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.