Auth0 Home Blog Docs

SPAs communicating with an API


I am a bit confused about user authentication for SPAs communicating with an API. I am used to checking the user’s cred against the database and then creating a session/cookie.

I am currently working on adding user authentication to my client app using Auth0. I am able to have the user login on the client with Auth0-lock and have it redirect back to my app with the JWT.

I am trying to protect some resources in my API by requiring that the user is authenticated. I have a Rails API with the Knock gem ( here).

When I try to make a get request, I am still getting 401 error and I assume it’s because I don’t have my User model set up correctly.

Important: New Guidance for Rules Best Practices

Hey there @DavidTucker, I would happy to troubleshoot this 401 error you are receiving. However to do so we need a HAR file for the error producing workflow as we as your tenant name. When you get a chance can you DM those over to me? Thanks in advance!


I finally got it to work - turns out the knock gem was catching all erros and not throwing it so I couldn’t see that my token was expired.


Sounds great and thank you for sharing the solution! Be sure to come back to us if you have any questions or share your build in Show Your Auth0!

closed #6

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.