We have software with a back end written in PHP and jQuery on the front end.
We used to use our own authentication but I would like to switch to Auth0.
I followed the PHP backend tutorial and I can verify tokens. But I’m not sure how safe they are, because I pasted a test token from the test app into the API and it works. But when I try to call the getuser API, it does not work with that token.
For the pure jQuery front end I would like to use the easiest verification method to generate the token. Then that token should be passed to PHP as a bearer with every back-end call.
But: in the back end I would like to have all user info of the logged-in user.
How do I get this info from the token?
I set up an API in Auth0 for this PHP back end as described in the tutorial.
What tutorial do I need to follow for the jQuery part?
How you build it depends on your architecture and how the API is used. If the API is on the same domain as the JavaScript application and you can use your back-end for the authentication flow, then you can just use cookies for the session.
If, however, the API is on a different domain or all of your authentication needs to happen in JavaScript without a back-end (in other words, the front-end is a true single-page application), then you’ll need to issue tokens for the API and send them in the header.
Regardless of what flow you’re using, you’ll get both an ID token and an access token, both of which contain a sub claim which is the Auth0 user ID. The ID token can also include an email address which you can use to associate the user to the Auth0 user ID wherever you’re storing the user data. Once that link has been made, the sub in the access token can be used to identify the user that’s taking the action.
We have a quickstart for this in JS:
The part that is missing here is the audience parameter for your API added to the configuration when you do var webAuth = new auth0.WebAuth. That will send back an access token needed for the API.
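The following is an added example, not part of the original answer or of Auth0's quickstart: it shows the `audience` setting in the options passed to `new auth0.WebAuth` and a client-side check that the access token returned was issued for the API before jQuery sends it as a bearer token. The domain, client ID, URLs, API identifier and helper names are placeholders, and it assumes that an access token requested without `audience` is not a JWT for your API; the PHP back end must still verify the signature and claims itself.

```javascript
// Added example: every name and value here is a constructed placeholder.
const API_AUDIENCE = 'https://api.example.test/'; // assumed API identifier

// Options for `new auth0.WebAuth(...)`; `audience` is the setting the answer adds.
function buildWebAuthOptions(audience) {
  return {
    domain: 'YOUR_TENANT.auth0.com',                   // placeholder
    clientID: 'YOUR_CLIENT_ID',                        // placeholder
    redirectUri: 'https://app.example.test/callback',  // placeholder
    responseType: 'token id_token', // access token for the API + ID token
    scope: 'openid email',          // lets the ID token carry the email claim
    audience: audience
  };
}

// base64url -> string; works in browsers and in Node.
function b64urlDecode(part) {
  let b64 = part.replace(/-/g, '+').replace(/_/g, '/');
  while (b64.length % 4) b64 += '=';
  return typeof atob === 'function' ? atob(b64) : Buffer.from(b64, 'base64').toString('binary');
}

// Inspect (not verify) an access token: is it a JWT, and is the API in `aud`?
function inspectAccessToken(token, audience) {
  const opaque = { kind: 'opaque', forApi: false, sub: null };
  const parts = String(token).split('.');
  if (parts.length !== 3) return opaque;
  try {
    const claims = JSON.parse(b64urlDecode(parts[1]));
    // `aud` may be one string or an array (API identifier plus /userinfo).
    const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
    return { kind: 'jwt', forApi: aud.includes(audience), sub: claims.sub || null };
  } catch (e) {
    return opaque;
  }
}

// Headers for $.ajax({ url: ..., headers: apiHeaders(accessToken) }).
function apiHeaders(token) {
  if (!inspectAccessToken(token, API_AUDIENCE).forApi) {
    throw new Error('access token was not issued for ' + API_AUDIENCE);
  }
  return { Authorization: 'Bearer ' + token };
}

// Builds a constructed sample token with a fake signature, for trying the check.
function sampleJwt(claims) {
  const enc = s => (typeof btoa === 'function' ? btoa(s) : Buffer.from(s).toString('base64'))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return enc('{"alg":"RS256","typ":"JWT"}') + '.' + enc(JSON.stringify(claims)) + '.sig';
}
```

On the back end, the `sub` value from the verified access token is the key to look up the user record that was linked through the ID token's email.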