Hi Everyone,
I am new to Auth0, but am finding the user authorization somewhat confusing.
I have a SPA that is connecting to two APIs (Spring & NodeJS). I have configured both APIs and secured them using the examples. I can log in with a user account I created and access the APIs successfully from my SPA.
However, the examples always use trivial cases, such as 'Everyone that successfully logs in has access to the global ‘Tasks’ and can read or write to them'.
But… what if, as is usually the case, the user has some private assets in your API? I am unable to check who the logged-in user is to fetch his private assets and to ensure only he has access to them.
I am sure I have missed some hidden tutorial or example, because after 4 days of setting up tutorials and successfully running them I am still unable to identify a user or his permissions in a Spring controller.
Have I got all this wrong? Very confused about why you would want to protect assets only for a group of users. What about a user's application profile data?
Perhaps someone can provide me the information I am missing.
Thank you in advance.
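
As an added example (not part of the original post, and not Auth0's or the poster's code): in an Auth0 access token the `sub` claim carries the user's ID, so an API can scope private assets to the verified `sub` instead of to "anyone who logged in". The code below shows that check in plain Node.js; the key pair, token, issuer, audience, asset list and all function names are constructed assumptions, and a real API would take the verified claims from its JWT middleware rather than from the hand-written verifier used here to keep the example self-contained.

```javascript
// Added example: key pair, token, issuer, audience and assets are constructed.
const crypto = require('node:crypto');

const b64url = (x) => Buffer.from(x).toString('base64url');
const decode = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Verify an RS256 access token; return its claims or throw.
function verifyAccessToken(token, publicKey, expected) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  if (decode(h).alg !== 'RS256') throw new Error('unexpected alg'); // pin the algorithm
  const signed = Buffer.from(`${h}.${p}`);
  if (!crypto.verify('RSA-SHA256', signed, publicKey, Buffer.from(s, 'base64url'))) {
    throw new Error('bad signature');
  }
  const claims = decode(p);
  if (claims.iss !== expected.issuer) throw new Error('wrong issuer');
  if (![].concat(claims.aud).includes(expected.audience)) throw new Error('wrong audience');
  if (!(claims.exp * 1000 > Date.now())) throw new Error('expired');
  return claims;
}

// Ownership check: the owner is the verified `sub`, never a user id sent by the client.
function getAssetForCaller(claims, assetId, store) {
  const asset = store.find((a) => a.id === assetId);
  // Same answer for "missing" and "not yours" so asset ids cannot be probed.
  if (!asset || asset.ownerSub !== claims.sub) return { status: 404 };
  return { status: 200, body: asset };
}

// --- constructed demo data (stands in for the tenant's signing key and the API's database) ---
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const EXPECTED = { issuer: 'https://tenant.example/', audience: 'https://api.example/assets' };
const ASSETS = [
  { id: 1, ownerSub: 'auth0|alice', name: 'alice-notes' },
  { id: 2, ownerSub: 'auth0|bob', name: 'bob-notes' },
];

// Hypothetical helper that plays the authorization server for the demo.
function issueToken(sub, overrides = {}) {
  const exp = Math.floor(Date.now() / 1000) + 300;
  const claims = { iss: EXPECTED.issuer, aud: EXPECTED.audience, sub, exp, ...overrides };
  const body = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${body}.${crypto.sign('RSA-SHA256', Buffer.from(body), privateKey).toString('base64url')}`;
}

// Alice asks for her own asset (id 1) and for Bob's (id 2).
function demo() {
  const claims = verifyAccessToken(issueToken('auth0|alice'), publicKey, EXPECTED);
  return [1, 2].map((id) => getAssetForCaller(claims, id, ASSETS).status);
}
console.log(demo());
```

The same pattern carries over to the Spring API: read the subject from the already-validated token in the controller and use it as the owner key in every query.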