Validate Token for API

This is a really embarrassing question to ask, as I assume what I want to accomplish is a basic tenet of the authentication/authorization workflow. I have searched everything I can online and I think the problem is that I don’t know the correct question to ask. So please bear with me.

I have an Auth0 account and an application (React APP) that is correctly handling authentication. The React app makes API (POST) calls to my Python API (Sanic app if that matters).

I think I want to use RS256. I am passing the id token that my client web app gives me that correctly validates in jwt.io.

My python API correctly gets this token in the authorization bearer header.

Now… how do I validate this token?

I have tried sanic-jwt, pyjwt and a few others and I am unable to get anything other than an incorrect algorithm error, or some other 400 (bad request) error.

Please post general steps or a link to how I should validate this token on my python api server side.

Not a direct answer to your question, but note: you need to pass the access token as bearer in the header, not the ID token.


That was very helpful. I realize that id_token and access_token aren’t always the same thing.

I think the 2 things that I am missing are:

  1. How can I get an access token?
  2. How does the python API validate that access_token?
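The second question, validating the access token server side, as an added example that is not from this thread or from Auth0's own SDKs: it uses PyJWT (the library the asker tried) and pins RS256, the issuer and the API audience, and it also reproduces the "incorrect algorithm" symptom and the audience failure you get when the ID token is sent instead of the access token. The tenant domain, API identifier, client id and the locally generated key pair are constructed stand-ins.

```python
"""Validate an RS256 access token in a Python API with PyJWT (pip install "pyjwt[crypto]").
Key pair and tokens are constructed locally so this runs offline; in production the
public key is fetched from the tenant's JWKS endpoint (/.well-known/jwks.json) by kid."""
import time
import jwt
from cryptography.hazmat.primitives.asymmetric import rsa

# Hypothetical tenant values; replace with your Auth0 domain, API Identifier and client id.
ISSUER = "https://example-tenant.auth0.com/"
API_AUDIENCE = "https://my-sanic-api"  # API Identifier registered in Auth0
CLIENT_ID = "abc123clientid"           # React app's client id (the ID token's audience)
_PRIVATE_KEY = rsa.generate_private_key(public_exponent=65537, key_size=2048)
PUBLIC_KEY = _PRIVATE_KEY.public_key()  # all the API needs

def mint(claims):
    """Constructed stand-in for Auth0's signer; not something the API does."""
    now = int(time.time())
    base = {"iss": ISSUER, "iat": now, "exp": now + 600, "sub": "auth0|user1"}
    return jwt.encode({**base, **claims}, _PRIVATE_KEY, algorithm="RS256")

def validate_access_token(bearer_token, public_key=PUBLIC_KEY):
    """Check signature, algorithm, issuer, audience and expiry; return the claims."""
    return jwt.decode(
        bearer_token, public_key,
        algorithms=["RS256"],   # pin the algorithm; never take it from the token header
        audience=API_AUDIENCE,  # the API identifier, not the client id
        issuer=ISSUER)

def classify(bearer_token):
    """Map a validation attempt to a short outcome for the request handler."""
    try:
        return "ok:" + validate_access_token(bearer_token)["sub"]
    except jwt.InvalidAudienceError:
        return "wrong-audience"  # what you get when an ID token is sent instead
    except jwt.ExpiredSignatureError:
        return "expired"
    except jwt.PyJWTError as exc:
        return "invalid:" + type(exc).__name__

def rejected_as_wrong_algorithm(bearer_token):
    """Reproduce the 'incorrect algorithm' symptom: expecting HS256 for an RS256 token."""
    try:
        jwt.decode(bearer_token, PUBLIC_KEY, algorithms=["HS256"], audience=API_AUDIENCE)
    except jwt.InvalidAlgorithmError:
        return True
    return False

ACCESS_TOKEN = mint({"aud": API_AUDIENCE, "scope": "read:items"})
ID_TOKEN = mint({"aud": CLIENT_ID, "email": "user@example.com"})
```

In the Sanic handler, read the `Authorization: Bearer <token>` header, call `validate_access_token` with the public key matching the token's `kid` from the tenant JWKS, and return 401 on any `jwt.PyJWTError`.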