I totally got lost in the auth0 documentation and something that I thought should be simple now seems a nightmare.
- To use auth0 as SSO for my application with multiple users
- Be redirected to the login page and obtain a JWT token for a concrete user, not an application.
- Pass this token to a Java Spring backend application configured with the @PreAuthorize annotation to authorize the logged-in user.
As simple as it sounds, I cannot understand how to do this with auth0.
- The APIs with the scopes are created for an application, not for a user. Why would I need to authorize a whole application? I need to authorize a single user of this application. I cannot understand how this is configured.
- I cannot understand how to obtain a JWT token when a user is logged in, and cannot understand which endpoint to call. I want to use a front-end app to get this token and then pass it to the Java backend to validate whether the user has rights to perform a given action.
What am I missing in the whole process? Please help.