Validate Token Generate from an Application Native in Spring boot with Spring Security

Hi, i created a Application Native for React Native i did the integration and uses the universal login. Everything worked perfectly. I loged in and got the access token but i dont know how to validate it in Springboot. I read blog and all talk about Auth0 API and use the indentifier as audience but in Application Native there is not identifier and i dont know how to validate the token that i got from the Application Native from React.

The ide is to log in in my app get the token and then with that token validate the petitions in my spring boot API.

Hi @carlosarce16, welcome to the community!

You would need to set up an API on your Auth0 tenant to represent your Springboot APIs, please see here: Register APIs

The identifier you set for this API is the audience you should use when you request an access token. You can specify this audience in the authorize call: WebAuth - Documentation

You may find this solution overview of help: Solution Overview (Mobile Apps + API)

As for validating this token on the API side, there are some steps here: Validate Access Tokens

In the blog post you mentioned (I believe you were referring to this? - Spring Boot Authorization Tutorial: Secure an API (Java)) you can see how they used the java-jwt library to validate the token -
java-jwt/JWT.java at master · auth0/java-jwt · GitHub

But there are many 3rd party JWT libraries out there, you can find more information on them here: https://jwt.io/
Or you could manually implement the checks: Validate JSON Web Tokens

Hi, thank you for your answer.

what i understand is that in my ReactNative app i have to put the audience with the identifier of my Auth0 API.

This is my native app

image673×556 24.4 KB

This is my API

image680×651 33.6 KB

On my react native app everything was working fine. I use the universal login i got the access toke.

Like this.

In order to set the audience to linked to my Auth0 API i did this.

image836×236 7.09 KB

But if a change audience for “https://clarce.auth0.com/userinfo” everything wokrs fine again.

My question is: how do i link the token generated on my React Native app from Auth0 Native to my Auth0 API that is the one that i implement in springboot? Because in Springboot i need and audience that for the Auth0 API is the identifier “https://cafetoevent/”.

You will need to match the audience with the API identifier you configured exactly.
So if you used “https://cafetoevent/” as the audience in the authorize call instead, you should not get the error, and would then receive an access token intended for your “CafetoEventAPI”.
Your Springboot API would then need to validate this token when the user sent a request to your API, one of these checks would be making sure the “aud” (audience) parameter in the token matches “https://cafetoevent/”, in your case.

Hi @sgo thaks for answering.
but how do i match the audience on mi React Native application to my Auth0 API identifier? when i change it to match “https://cafetoevent/” or “https://cafetoevent/userinfo” i got “service not found” and only works with “https://clarce.auth0.com/userinfo” tha is the domain of my account and i can loginand then i get the token.

I been searching arround the documentation but i can’t find how make it work.

Hi @carlosarce16, could you please share a code snippet of what you tried when you set the audience to “https://cafetoevent/” on your React Native app and got the service not found error?