Securing NodeJS Backend as well as my React-Frontend (using Auth0-Lock)?

So I just tried it the way I describe above, with a simple test route at /accesstoken. I take the access token I get in my SPA, send it to my node server, and make a request to Auth0. It’s not working so far.

I send the token via a POST request to my server:

app.post('/accesstoken', async function (req, res) {
  // grabbing the access token from the frontend
  const { token } = req.body;

  // this is a simple function which works when I request the token directly
  // from the server with my client id & secret; using the token from the SPA,
  // via req.body, does not work though.
  const user = await doesUserExist({
    email: 'someuser@test.com',
    token,
  });

  // report the result held in `user` (the original referenced an undefined variable)
  res.send({ doesUserExist: user ? true : false });
});

However, I am getting status: 401, statusText: 'Unauthorized'. When requesting directly via the server it works. The audience field is the same in both the SPA & node server (is this how it should be? Not sure, but with a different audience field it didn’t work).

Not sure where I am going wrong here?