Auth0 Home Blog Docs

SPAs communicating with an API

api
spa
rails
knock
#1

I am a bit confused about user authentication for SPAs communicating with an API. I am used to checking the user’s cred against the database and then creating a session/cookie.

I am currently working on adding user authentication to my client app using Auth0. I am able to have the user login on the client with Auth0-lock and have it redirect back to my app with the JWT.

I am trying to protect some resources in my API by requiring that the user is authenticated. I have a Rails API with the Knock gem (https://auth0.com/docs/quickstart/backend/rails here).

When I try to make a get request, I am still getting 401 error and I assume it’s because I don’t have my User model set up correctly.

Important: New Guidance for Rules Best Practices
#3

Hey there @DavidTucker, I would happy to troubleshoot this 401 error you are receiving. However to do so we need a HAR file for the error producing workflow as we as your tenant name. When you get a chance can you DM those over to me? Thanks in advance!

#4

I finally got it to work - turns out the knock gem was catching all erros and not throwing it so I couldn’t see that my token was expired.

#5

Sounds great and thank you for sharing the solution! Be sure to come back to us if you have any questions or share your build in Show Your Auth0!

closed #6

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.