I’m having problems trying to access endpoints that require authorization and don’t really know how to solve it… Here is the thing:
I’ve an Angular app which implements the Auth0/Angular library. In Auth0, I’ve created a Single Page Application, so in my configuration settings I’m using its domain and ClientID. The application is working fine and also the login, and I can find the accessToken (with getAccessTokenSilently) and also the idToken (with getIdTokenClaims).
My backend is a .NET app. I’ve created a Regular Web Application in Auth0 and I’m also using its configuration settings with the domain and ClientId (the domain is the same between the 2 apps but the ClientId is different).
So now, when I’m testing an endpoint with Swagger which requires Authorization, I try to authorize with the accessToken or the idToken that the Angular app provides, but it’s giving me errors and is not working. How can I solve that? Is it because the audiences are different? What should I do? (In the conf settings, Domain and Audience match between the 2 apps)
Regardless of the framework, you’ll need the access token and not the ID token to call your API. What type of errors are you receiving? Anything helpful? If I had to guess it would be due to a mismatch in audience value - The audience (API identifier) you call /authorize with needs to match the audience configured at your API.
The audience param was the same between the 2 apps, the only different param was the ClientId… I managed to create an endpoint in my backend API to create a response with the accessToken and the idToken, so when I log in in my front end I can set the response in LocalStorage and set it in Headers as a Bearer Authorization in order to access my authorized endpoints. I guess I will find some problems with that method but for now it’s working.
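The access-token-versus-ID-token and audience points raised earlier in the thread can be checked by reading the token's claims before sending it to the API. The following is an added example, not code from the thread or from Auth0: it decodes a token without verifying the signature (a diagnostic, not a validator), and the issuer, API identifier, client ID and sample tokens are constructed placeholders.

```javascript
// Added example: decodes a token WITHOUT verifying its signature, only to explain
// why an API would reject it. All names and values below are constructed.
const EXPECTED = {
  issuer: 'https://tenant.example/',       // placeholder tenant domain
  audience: 'https://api.example/',        // placeholder API identifier
  clientId: 'spa-client-id-placeholder',   // placeholder SPA client ID
  now: 1700000000,                         // fixed clock so the result is repeatable
};

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Builds an unsigned sample token; the signature part is a dummy string.
const makeToken = (claims) =>
  `${b64url({ alg: 'RS256', typ: 'JWT' })}.${b64url(claims)}.sig`;

function decodeSegment(seg) {
  const b64 = seg.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

function diagnoseToken(token, expected) {
  const parts = token.split('.');
  if (parts.length !== 3) return 'not-a-jwt';          // e.g. an opaque access token
  let claims;
  try { claims = decodeSegment(parts[1]); } catch { return 'not-a-jwt'; }
  if (!claims || typeof claims !== 'object') return 'not-a-jwt';
  const aud = [].concat(claims.aud || []);             // aud may be a string or an array
  if (claims.iss !== expected.issuer) return 'issuer-mismatch';
  if (!aud.includes(expected.audience)) {
    // An ID token is addressed to the client, so its aud is the client ID.
    return aud.includes(expected.clientId) ? 'id-token-sent' : 'audience-mismatch';
  }
  if (typeof claims.exp === 'number' && claims.exp <= expected.now) return 'expired';
  return 'ok';
}

const base = { iss: EXPECTED.issuer, sub: 'auth0|user', exp: EXPECTED.now + 3600 };
const SAMPLES = {
  idToken: makeToken({ ...base, aud: EXPECTED.clientId }),
  accessToken: makeToken({ ...base, aud: [EXPECTED.audience, 'https://tenant.example/userinfo'] }),
  otherApi: makeToken({ ...base, aud: 'https://other-api.example/' }),
  opaque: 'kZ3xOpaqueTokenValue',
};

for (const [name, token] of Object.entries(SAMPLES)) {
  console.log(name, '->', diagnoseToken(token, EXPECTED));
}
```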