Auth0 Home Blog Docs

Question on having one application with multiple application types


#1

Is it possible to create one Auth0 application that has multiple “Application Types” OR create two Auth0 applications with different “Application Types” that trust each other?

I have a .net web api, which I created with Application Type of “Machine to Machine” and got it working with Auth0. I also have an Ionic Mobile app which needs to access the .net web api, but I had to create a new Auth0 app for it with a application type of “Native” to allow the app to log in via Auth0. Now I’m not sure what the simplest way is to get the ionic mobile app to access secure information on the .net web api. Do I have to create 2 tokens?

Any advice, or pointers to the correct documentation would be greatly appreciated! Thanks in advance!


#3

I think I’ve figured this out, if anyone else is a newbie and trying to understand how auth0 works. There appears to be an certain level of trust between any machine to machine app and a native app using pkce, via the auth0 APIs. If you click on one of your auth0 API’s, and then go to the tab labeled “machine to machine applications” it says: "Here is a list of your Machine to Machine Applications. You can authorize these to request access tokens for this API by executing a client credentials exchange.

Single Page and Native apps do not require further configuration. SPAs can execute the Implicit Grant to access APIs while Native Apps can do Authorize Code with PKCE for the same purpose."

So to achieve this I downloaded the ionic 3 demo app from the link below and configured it using my auth0 native application settings:

And then based on akselon’s solution at the bottom of this thread:

I changed the options variable in the auth.services.ts file to look like this:

const options = {
scope: ‘openid profile email offline_access’,
audience: ‘https://AudienceUrlForYourMachineToMachineAppHere/api
};

Where the AudienceUrlForYourMachineToMachineAppHere, was exactly what it says. It’s not the audience of the Native app. Also, I found that you don’t need the ‘/v2/’ at the end as akselon mentions, and in fact I couldn’t get it to work that way. So in the end, the audience is really just a straight copy of the auth0 API’s audience for the machine to machine auth0 app.

The native demo app will then return an authResult.accessToken that you can use to hit the machine to machine app directly.