Could you please help me?
Standard web application: frontend + backend (Golang). The frontend uses the backend API.
Using the authorization code flow.
I am implementing this scenario:
- The user goes to the personal account URL (aka /login). The backend sees that it does not have a cookie and redirects to the Auth0 AuthURL. The user signs up (signs in) through the login page (completing the authorization code flow). The backend saves the resulting access token in a cookie, and I also save the refresh token for this access token in the database.
- Next, all API requests from the frontend are sent with the received access token in the cookie. For each such API request from the frontend, the backend does this: validate the access token (signature) from the cookie → check whether it is expired → if it is expired, refresh it using the refresh token and set the new access token in the cookie. P.S. Refresh token rotation is on, of course.
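The per-request check described above, written out as an added Go example (not code from the original post or from Auth0's SDKs). It assumes a locally generated RS256 key as a stand-in for the tenant's JWKS, a constructed API identifier as the expected `aud`, an in-memory map in place of the database row that holds each user's current refresh token, and a constructed `newDemoRefresh` closure playing the `/oauth/token` refresh grant with rotation turned on:

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Constructed stand-in for the tenant's signing key; a real backend holds only the
// public half, fetched from the Auth0 JWKS endpoint, and never the private key.
var signingKey, _ = rsa.GenerateKey(rand.Reader, 2048)
// Constructed identifier of the API created on the API tab; it must match "aud".
const apiAudience = "https://api.example.invalid"
type Claims struct {
	Sub string `json:"sub"`
	Aud string `json:"aud"`
	Exp int64  `json:"exp"`
}
var ErrBadToken = errors.New("access token: malformed, bad signature or wrong audience")
var ErrExpired = errors.New("access token: expired")
func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// mintToken issues an RS256 JWT; it plays Auth0's role in this demo only.
func mintToken(c Claims) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	body, _ := json.Marshal(c)
	input := b64(hdr) + "." + b64(body)
	digest := sha256.Sum256([]byte(input))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, signingKey, crypto.SHA256, digest[:])
	return input + "." + b64(sig)
}

// verify checks RS256 (the header's alg is ignored on purpose) and audience first,
// then expiry; expiry is a distinct error so the caller can choose to refresh.
func verify(token string, pub *rsa.PublicKey, now time.Time) (Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return Claims{}, ErrBadToken
	}
	sig, e1 := base64.RawURLEncoding.DecodeString(parts[2])
	payload, e2 := base64.RawURLEncoding.DecodeString(parts[1])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	var c Claims
	if e1 != nil || e2 != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil ||
		json.Unmarshal(payload, &c) != nil || c.Aud != apiAudience {
		return Claims{}, ErrBadToken
	}
	if !now.Before(time.Unix(c.Exp, 0)) {
		return c, ErrExpired
	}
	return c, nil
}

// RefreshStore stands in for the per-user database row holding the current refresh
// token; RefreshFunc for the refresh_token grant, which with rotation on returns a new one.
type RefreshStore map[string]string
type RefreshFunc func(refreshToken string) (access, newRefresh string, err error)

// Authorize is the per-request check from the post; it returns the access token
// that belongs in the cookie, either the original or the freshly refreshed one.
func Authorize(cookie string, store RefreshStore, refresh RefreshFunc, now time.Time) (string, Claims, error) {
	c, err := verify(cookie, &signingKey.PublicKey, now)
	if err == nil {
		return cookie, c, nil
	}
	if !errors.Is(err, ErrExpired) {
		return "", Claims{}, err // forged or foreign tokens never reach the refresh path
	}
	// c.Sub can be trusted here because the signature verified. A missing row gives
	// rt == "", which the token endpoint rejects, so the user is sent to log in again.
	access, newRT, err := refresh(store[c.Sub])
	if err != nil {
		delete(store, c.Sub) // a rejected (reused or revoked) refresh token is dead
		return "", Claims{}, err
	}
	store[c.Sub] = newRT // persist the rotated token before the response goes out
	c, err = verify(access, &signingKey.PublicKey, now)
	return access, c, err
}

// newDemoRefresh mimics the token endpoint with rotation on: only the current
// refresh token is accepted and each call issues a new pair (constructed, not Auth0).
func newDemoRefresh(sub, current string) RefreshFunc {
	n := 0
	return func(rt string) (string, string, error) {
		if rt != current {
			return "", "", errors.New("invalid_grant: refresh token reused or revoked")
		}
		n++
		current = fmt.Sprintf("rt-%d", n)
		return mintToken(Claims{Sub: sub, Aud: apiAudience, Exp: time.Now().Add(time.Hour).Unix()}), current, nil
	}
}
```

Two design points worth keeping when this is wired into real middleware: the signature and audience are checked before expiry is even looked at, because the refresh lookup is keyed by `sub` and an unverified token would let a caller spend another user's refresh token; and with rotation on, the new refresh token must be persisted before the response is sent, since the old one is single-use and a second request racing on the same stale token is treated as reuse and fails.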
In order to get a full access token, I had to not just create a "regular web app" type application on the application tab, but first create an API on the API tab, and then create a "regular web app" type application on the application tab and authorize it for the created API.
Will M2M tokens be used in this case, if the application type is "regular web app" but the API is used?