Use JWT Access-Token from SPA SDK Login for backend API verification

prutheus · February 6, 2022, 9:45pm

Hello @all!

I have a SPA frontend where I use the auth0 sdk for login.

After successful login, I can retrieve the accessToken from my auth0 client.

Now, I have a backend API in python - FastAPI - which should only be accessible for authenticated users.
So, I add the access token retrieved from the SPA SDK to the backend request and want to validate the token now in my backend to make the data response. I do not need to query the Management API for further stuff, I just need to validate the token.

However, following the tutorial here I can not verify the token. With this code sample, I just can verify tokens issued for API’s, how can I verify tokens issued from SPA SDK applications ?

dan.woda · February 7, 2022, 9:14pm

Hi @prutheus,

Your SPA is not issuing any tokens here. The access token here is being issued by the auth server, to your SPA, for your API.

The API audience parameter you are setting in both your SPA and API should correspond with the API identifier you registered in the dashboard for your fast API.

In your SPA, you should be requesting a token with the audience/identifier you registered for your fast API in the dashboard, then you should be sending that token to your API, where it is verified to have the correct audience.

Does that make sense?

Topic		Replies	Views
Validating SPA JWT Tokens in the backend Help management-api , clients	2	1326	November 14, 2022
Protect backend endpoints using auth in SPA Knowledge Articles api , spa , audience , backend	1	821	August 21, 2023
Authentication with SPA and API Help jwt , auth0	2	4041	September 17, 2020
API authentication not possible from SPA Help apis , application	4	933	September 11, 2023
How to obtain id_token with auth0-spa-js Help spa	20	22066	February 27, 2020

Use JWT Access-Token from SPA SDK Login for backend API verification

Related Topics