My APP consists of 2 parts, SinglePage / API.
In the single web page, I’ve implemented the “createAuth0Client” to create/authenticate the user.
Now I want to validate token/authentication on each API call from that page and to get the user details before serving his request.
I guess I can get the token on the client-side by “auth0.getTokenSilently();” and send it over but how do I verify it?
Thx
In this case, the SPA would not be responsible for validating the Access Token. It will take the Access Token it receives from the /token endpoint and store it for API requests, but that is all. The API itself is responsible for validating the Access Token. This way, if someone attempts to call the API outside of the SPA (using Postman or cURL or their own app for example), they would not succeed because the API will validate the token.
Auth0 has several SDKs to handle this validation. You can find examples in the Quickstarts: Auth0 Backend/API Quickstarts