
Which grant type for a non-interactive client when an ID token is required

grant-types

#1

Hello
I’ve set up a basic web application and can get an ID token for it. Now I have a set of APIs (non-interactive clients) which communicate with each other. Each API is a different client. The APIs must be able to use the token they got from the web application. Which grant type do I have to use so the APIs can use the ID token, because the APIs don’t do any kind of interaction?


#2

Or does an API only validate the JWT tokens it got in the Authorization header?


#3

APIs should be passed the access_token, not the id_token, in the Authorization header. Your APIs will need to be configured correctly in Auth0, as well as set up to validate the access_token. I suggest reading through the following docs, which outline the API Authorization features:

https://auth0.com/docs/api-auth
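
An added example (not part of the thread, and not Auth0's own code) of the checks an API makes when it validates a JWT access_token from the Authorization header: pinned algorithm, signature, issuer, audience and expiry. The secret, issuer, audience and `make_token` helper are constructed assumptions; HS256 with a shared secret is used so the block runs with the standard library alone, whereas an RS256 setup would verify against the issuer's public key instead.

```python
import base64, hashlib, hmac, json, time

# Constructed values for this example (assumptions, not from the thread).
SECRET = b"constructed-demo-signing-secret"
ISSUER = "https://example-tenant.invalid/"
AUDIENCE = "https://orders-api.example.invalid"

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(claims, secret=SECRET, alg="HS256"):
    """Hypothetical helper: builds a sample token in place of the authorization server."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def validate_access_token(auth_header, now=None):
    """Return the token's claims if it is valid for this API, else raise ValueError."""
    scheme, _, token = auth_header.partition(" ")
    if scheme.lower() != "bearer" or token.count(".") != 2:
        raise ValueError("malformed Authorization header")
    head, body, sig = token.split(".")
    header = json.loads(_b64d(head))          # decode errors are ValueErrors too
    # Pin the algorithm the API expects; never trust the token's own choice.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64d(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64d(body))          # parsed only after the signature checks out
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")                   # aud may be a string or a list
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token was issued for a different API")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (now or time.time()):
        raise ValueError("expired")
    return claims                             # includes 'sub', the token's subject
```

The audience check is what stops a token issued for one API from being accepted by another API behind the same issuer.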


#4

Thx
But how does my API know about the identity who called it?


#5