Trying to figure out the Authentication flow


I’m trying to figure out the correct way to integrate Auth0 into my Vue application. I always struggle with Authentication. I’ve followed the quick start guide for Vue and I am able to access the id_token, access_token and expires_at timestamp stored by the handleAuthentication method in local storage.

I have a few questions. The first is that I do not receive a refresh token with my authentication. I do however get an expires at time. Do that mean my access_token will expire? How do I refresh it without a refresh token?

My second question is about authentication on my backend api. Should this work by have Vue send the access token with every request and having the backend make a request to auth0 to get the userId and then using that to identify the user on the backend?

Thank you so much for your help.

:wave: @patrickcorrigan7 the vue application example I followed here there is a setSession method that set the time that the access token. Do note there are restrictions on the length.

This is a Single Page Application? In this case we cannot use refresh tokens as the browser is not secure to store such long-lived tokens. You should be able to use checkSession to achieve a similar result and receive new tokens (described here).

For your question, I would create an API (APIs section in Dashboard) to represent your api. You can then configure the authorization to include an audience parameter to your API. Next would be to setup your API to receive and validate access tokens issued by your Auth0 account, depending on your backend API we have some guides here. The received access token would be used in any call that the client application would need to perform to the API.

Please let me know if this is what you are looking to achieve!