Spring-boot + VueJS - UserInfo and unauthorized

Hello :slight_smile:

I come to you after pages and pages of Google research and getting lost in the Auth0 documentation :slight_smile: .

I have a VueJS project, with a BE in Spring boot.
I’ve implemented Auth0 to login on my app with the quickstart about VueJS. Everything’s working. It’s perfect. I’ve also created an API in Auth0.

Now I want to get user metadata - So I tried to call “/userInfo” endpoint from my frontend - with the access token I get after my connection. But I have an unauthorized error in Postman.
I saw discussions about scope (that seems not to be in the “Calling API” VueJS documentation), about audience, about CORS, etc. - And it’s from that point that I started to research - too much - about it ; and get lost :smiley:

I have few “simple” questions :

  • With the Auth0 VueJS documentation, I saw we need Express to create a server and use the VueJS Auth0 API. Do we always need a server to reach the Auth0 API or some endpoint are directly reachable with the front (with axios, for example) ? Like the “/userInfo”.

  • My BE is in Spring Boot : Can I use something directly in my Spring Boot app to reach my API - rather than NodeJS/express on the VueJS side ? I tried to find somthing in the Auth0 Spring Boot quickstart but I felt I went too far.

  • I saw topics talking about scope, audience, given in the request body - some of them didn’t need it to reach the API ; I’m a little confused about what I’m supposed to do

Thank you for your answers :sunny:

Hey there @be_lly welcome to the community!

Can you confirm that openid was granted as a scope for the access token in question? /userinfo will always fail if this wasn’t included in the initial authorize flow.