I have a simple websocket project using the Auth0 React library…
If you wire that up with your Auth0 info
spring:
security:
oauth2:
resourceserver:
jwt:
issuer-uri: ...
audiences:
- ...
app:
auth:
client-id: ...
scope: "openid profile read:transactions"
You should see it work, however, I am following the instructions and instead of a secure http-only cookie it is having me manually inject the tokens in the headers. I am not opposed to this as I have good XSS measures but is that really the only way? Also, if I am passing an access token can I pass the opaque one and then grab the user info using the token in the backend like in the AuthenticationProvider or something?