Auth0 Home Blog Docs

Validating a user before using an API after using universal login

I’m using the free version

A user logs in using universal login. No problem here, sort of. I can see the token in my network tab in chrome tools. But I’m having a hard time getting that token. I don’t know where the request is being made for the token in the code. So I can’t save the token.

The idea was to use that token so when a user goes to use my custom API, I can validate them with that token that is given on login. And then preform any CRUD actions on my own DB.

I did make a stackoverflow post about this as well. I’m struggling pretty hard here. What am I doing wrong here to not be able to find the code that gets the Token?

import { Injectable } from '@angular/core';
import createAuth0Client from '@auth0/auth0-spa-js';
import Auth0Client from '@auth0/auth0-spa-js/dist/typings/Auth0Client';
import { from, of, Observable, BehaviorSubject, combineLatest, throwError } from 'rxjs';
import { tap, catchError, concatMap, shareReplay } from 'rxjs/operators';
import { Router } from '@angular/router';

  providedIn: 'root'
export class AuthService {
  // Create an observable of Auth0 instance of client
  auth0Client$ = (from(
      domain: "",
      redirect_uri: `${window.location.origin}` + `/home`
  ) as Observable<Auth0Client>).pipe(
    shareReplay(1), // Every subscription receives the same shared value
    catchError(err => throwError(err))
  // Define observables for SDK methods that return promises by default
  // For each Auth0 SDK method, first ensure the client instance is ready
  // concatMap: Using the client instance, call SDK method; SDK returns a promise
  // from: Convert that resulting promise into an observable
  isAuthenticated$ = this.auth0Client$.pipe(
    concatMap((client: Auth0Client) => from(client.isAuthenticated())),
    tap(res => this.loggedIn = res)
  handleRedirectCallback$ = this.auth0Client$.pipe(
    concatMap((client: Auth0Client) => from(client.handleRedirectCallback())), tap(res => { console.log(res); })

  // Create subject and public observable of user profile data
  private userProfileSubject$ = new BehaviorSubject<any>(null);
  userProfile$ = this.userProfileSubject$.asObservable();
  // Create a local property for login status
  loggedIn: boolean = null;

  constructor(private router: Router) { }

  // When calling, options can be passed if desired
  getUser$(options?): Observable<any> {
    return this.auth0Client$.pipe(
      concatMap((client: Auth0Client) => from(client.getUser(options))),
      tap(user => {

  localAuthSetup() {
    // This should only be called on app initialization
    // Set up local authentication streams
    const checkAuth$ = this.isAuthenticated$.pipe(
      concatMap((loggedIn: boolean) => {
        if (loggedIn) {
          // If authenticated, get user and set in app
          // NOTE: you could pass options here if needed
          return this.getUser$();
        // If not authenticated, return stream that emits 'false'
        return of(loggedIn);

  login(redirectPath: string = '') {
    // A desired redirect path can be passed to login method
    // (e.g., from a route guard)
    // Ensure Auth0 client instance exists
    this.auth0Client$.subscribe((client: Auth0Client) => {
      // Call method to log in
        redirect_uri: `${window.location.origin}` + `/home`,
        appState: { target: redirectPath }

  handleAuthCallback() {
    // Call when app reloads after user logs in with Auth0
    const params =;
    if (params.includes('code=') && params.includes('state=')) {
      let targetRoute: string; // Path to redirect to after login processsed
      const authComplete$ = this.handleRedirectCallback$.pipe(
        // Have client, now call method to handle auth callback redirect
        tap(cbRes => {
          // Get and set target redirect route from callback results
          targetRoute = '/home';
        concatMap(() => {
          // Redirect callback complete; get user and login status
          return combineLatest([
      // Subscribe to authentication completion observable
      // Response will be an array of user and login status
      authComplete$.subscribe(([user, loggedIn]) => {
        // Redirect to target route after callback processing

  logout() {
    // Ensure Auth0 client instance exists
    this.auth0Client$.subscribe((client: Auth0Client) => {
      // Call method to log out
        client_id: "JxxxxxxxxxxxxxxxxxxxxxxG",
        returnTo: `${window.location.origin}`
1 Like

I see by subscribing to auth0Client$ I can get the access token. But cache is private. So I’m guessing that isn’t the right way to do this.

console.log(data.cache.cache["default::openid profile email"])