User Authentication with Management API Authentication

HTeitge · March 12, 2019, 2:12pm

Good Day,

We want to perform user management and CRUD operations from our admin section which in turn needs to communicate with the Auth0 Management API.

We don’t to see a way or example where we can use the same token received after authentication/login for Management API calls, is there a way that we don’t have to request and utilise a second token?

Thanks!

markd · March 12, 2019, 6:47pm

Hello @HTeitge,

If I remember correctly, a user within your Auth0 tenant does not have and cannot get the privileges required to perform CRUD operations on other users within your tenant. For that level of access I believe your app must use the client credentials grant flow. You could perhaps combine the auth code grant flow with client credentials:

User logs in via authorization code grant flow,
If authentication is successful, you app checks to see if the user is authorized to perform CRUD operations,
If the user is authorized, then use client credentials grant flow for the CRUD operations.

Step 2 could be based on a role or group parameter in the user’s app_metadata.

HTeitge · March 12, 2019, 6:55pm

Thanks @markd!

Appreciate the response, will have a look at your links. Very insightful!

HTeitge · March 17, 2019, 9:48am

Hi guys thought I would update this thread.

After investigating what @markd posted, we decided to keep Auth0 only for authentication and manage the authorization on our own platform utilizing asp.net identity (roles & claims). This way we have flexibility without having to upgrade our licence for m2m to do direct crud from our api.

Have good one!

konrad.sopala · March 18, 2019, 10:42am

Wohoo! Glad you managed to discuss it and get it working!

system · April 2, 2019, 10:42am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.