Providing API Secrets to client

qbressler · December 30, 2023, 11:12pm

I’m sorry if that has been discussed before, but what I’m looking for seems pretty straight forward. I have a RESTful api that I would like to secure. Based on this post, it seems that I’m able to provide our vendors with the client id / client secret to obtain access to the restful API. (How to implement API keys using Auth0?). For the purpose of our API, it will be M2M.

My question is, how would I identify which vendor is logging in based on the client secret? It appears that I’m missing a step somewhere.

Any help would be greatly appreciated.

Thanks!

dawid.matuszczyk · December 31, 2023, 2:18pm

Hi @qbressler

Welcome to the Auth0 Community!

Thank you for posting your question. I’ll respond as soon as I have more information regarding your case.

Thanks
Dawid

KSchmi · January 8, 2024, 3:29pm

The client_id of the vendor will be sent as the subject (sub) claim in the the access token (which is a JWT) that is passed in the authorization header by the vendor when calling your API. So, you can have a table on your side that maps vendor client_ids to their respective vendors and proper permissions for that user principle.

Topic		Replies	Views
How do you use Auth0 to authenticate & authorize 3rd party vendors? Help clients	4	4053	March 2, 2018
How to implement API keys using Auth0? Help auth0 , architecture , api-keys	11	32564	March 2, 2018
Setup application that provides Client ID & Secret to User Help management-api , users	2	586	November 20, 2023
Creating API key and secret for clients -- is it still the suggested approach? Help	2	6248	December 4, 2018
Building a public facing API with Auth0 Help management-api , grants	1	346	April 25, 2024

Providing API Secrets to client

Related Topics