Problem to access an API

didier.boivin · January 22, 2022, 3:41pm

Hi everyone,
I am trying to protect an API after using authentication in may React Application
The authentication is Ok, but the settings seems to me very difficult to understand with the different settings like ‘audience’
So I need a JwToken to access my I Solved it with the this code
So now I have a token and I don’t understand how to use it to access my API
I have defined an API and I am confused how to use it I always have a 401 code
what I try to access it
What parameter should I put instead of xxx the domain
https://dev-123.eu.auth0.com or the name of the API

Thanks

Didier
The first part is sending me a 401 code

const userDetailsByIdUrl = xxx/api/v2/users/${user.sub}/roles;
const metadataResponse = axios(userDetailsByIdUrl, {
headers: {
“Authorization”: Bearer ${accessToken},
},
});

// The first part is Ok( obtain a token but
useEffect(() => {
const getUserMetadata = async () => {
const domain = “xxx”;

                const accessToken = await getAccessTokenSilently({
                  audience: `https://${domain}`,
                  scope: "read:current_user",
                });
                const userDetailsByIdUrl = `https://xxx/api/v2/users/${user.sub}/roles`;
                
                
                const metadataResponse =  axios(userDetailsByIdUrl, {
                  headers: {
                    "Authorization": `Bearer ${accessToken}`,
                  },
                });
          
                const { user_metadata } =  metadataResponse.json();
                console.log('user_metadata',user_metadata);
                setUserMetadata(user_metadata);
              
               
              
            };
          
            getUserMetadata();
          }, [getAccessTokenSilently, user]);

SaqibHussain · January 23, 2022, 4:45pm

Hi @didier.boivin

Welcome to the Auth0 Community, it’s great to have you here with us

The audience value is not necessarily the domain. You will have created an API in Auth0, as part of that creation you would have specified an identifier value, the audience you specify in the getAccessTokenSilently() call is the identifier value you specified when you created the API in Auth0.

The following community post will also help you https://community.auth0.com/t/understanding-how-the-audience-concept-actually-works/34011

Please let me know if you have further questions.

Best regards.