Simple SSO with JWT

nikolay.cheltsov · June 20, 2018, 7:54am

Hello guys,

I totally got lost in the aut0 documentation and something that I thought should be simple now seems a nightmare.

I want:

To use auth0 as SSO for my application with multiple users
Be redirected to login page and obtain JWT token for a concrete user not an application.
Pass this token to a java spring backend application configured with @PreAuthorize annotation to authorize the logged user.

As simple as it sounds, I can not understand how to do this with auth0.

The APIs with the scopes are created for an application not for a user. Why would I need to authorize a whole application? I need to authorize a single user of this application? I can not understand how this is configured.
I can not understand how to obtain a JWT token when user is logged and can not understand which endpoint to call. I want to use a front end app to get this token and then to pass it to Java backend to validate if user has rights to perform given action?

What am I missing in the whole process? Please help.

kimcodes · September 6, 2018, 2:49pm

@nikolay.cheltsov it seems you are referring to the Client Credentials Grant which as you mentioned the token is issued to the application itself, instead of an end user. What sort of application are you building? This article explains which flow to use for your application (https://auth0.com/docs/api-auth/which-oauth-flow-to-use).

Topic		Replies	Views
User Authorization, I am very confused Help jwt , auth0 , api	5	4206	October 2, 2019
Two Auth0 Applications, different JWT tokens, how to authenticate with each other? Help	2	3225	September 4, 2019
How to secure an API with Auth0 Help access-token	5	10541	February 10, 2019
How to implement SSO for multiple apps with google as identity provider Help sso	2	4668	April 7, 2020
I have a jwt from an external source. Can I use it to auth to Auth0 so I can then authenticate to another application? JWT.io jwt , auth0	0	3289	April 13, 2020