Hi,
I see that everywhere, tutorials about authenticating react-native applications using auth0 , with call back that goes directly to client,
but nobody talks about how do I secure my back end, I can’t jus sent a token to it ?
so what are the steps after react-native client receives back callback with successful authentication via (facebook, or google) how do I authenticate my back end now?
To protect your backend, you first register it as an API in Auth0 under Dashboard > API. You’d give this API an identifier, and define permissions/scopes that you want to use to protect this API’s endpoints.
Then, in your React client, when making the authorization request to get the access token, you need to add this API identifier as audience parameter in the request, together with the scopes you want to request, which goes in the scope parameter of the request.
Note that beside the quickstart 01-Login sample, there is another sample 02-Calling-an-API on Github that shows how to do that.
https://github.com/auth0-samples/auth0-react-samples/tree/master/02-Calling-an-API
General docs on API/Backend authorization and its configuration in Auth0:
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.