Dear community,
I have a very basic setup: a Blazor WASM web app which redirects users to Auth0. The app then calls the API gateway, which validates the bearer access token and inserts the sub into the request to the backend.
I read the documentation on how to configure KrakenD with Auth0 and wonder why this is clustered as a machine-to-machine flow. M2M licensing is quite expensive in Auth0 compared to MAU (7k MAU to 1k tokens in the free plan). Maybe I do not fully understand the terminology, but for me this is still client-to-server communication with validation?
Previously I had Keycloak in place and used a simple validator to check if the access token was okay. Updating the validator to Auth0 and manually checking the token on jwt.io both state that the token is invalid if I just use a SPA application for the WASM app.
[JWTValidator] Unable to validate the token: square/go-jose: compact JWS format must have three parts
For the KrakenD experts:
"extra_config": {
    "auth/validator": {
        "alg": "RS256",
        "jwk_url": "https://DOMAINHERE.eu.auth0.com/.well-known/jwks.json",
        "cache": true,
        "operation_debug": true,
        "propagate_claims": [
            [
                "sub",
                "x-user"
            ]
        ]
    }
}
},
Thank you for education in advance.
Stef
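
The go-jose error in the post means the bearer value handed to the validator did not split into three dot-separated parts. The following added example (not part of the original post and not KrakenD or go-jose code; `Shape`, `Classify` and `Sample` are hypothetical names, and the tokens are constructed) classifies a bearer value by structure so the token the client sends can be checked before it reaches the gateway:

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Shape is what a bearer value looks like before any signature check.
type Shape struct {
	Kind, Alg, Sub string // Kind: "jws", "jwe" or "opaque"
	Parts          int
}

func decode(seg string, out interface{}) bool {
	raw, err := base64.RawURLEncoding.DecodeString(strings.TrimRight(seg, "="))
	return err == nil && json.Unmarshal(raw, out) == nil
}

// Classify inspects structure only; it does NOT verify the signature.
func Classify(bearer string) Shape {
	tok := strings.TrimSpace(strings.TrimPrefix(strings.TrimSpace(bearer), "Bearer "))
	parts := strings.Split(tok, ".")
	s := Shape{Kind: "opaque", Parts: len(parts)}
	var hdr struct{ Alg string `json:"alg"` }
	var claims struct{ Sub string `json:"sub"` }
	if (len(parts) != 3 && len(parts) != 5) || !decode(parts[0], &hdr) {
		return s // not a compact JOSE object: a JWKS validator cannot check it
	}
	s.Alg = hdr.Alg
	if len(parts) == 5 {
		s.Kind = "jwe" // encrypted: claims are unreadable without the key
	} else if decode(parts[1], &claims) {
		s.Kind, s.Sub = "jws", claims.Sub
	}
	return s
}

// Sample builds a constructed, unsigned token-shaped string for the demo.
func Sample(header, payload string, extra ...string) string {
	enc := base64.RawURLEncoding.EncodeToString
	return strings.Join(append([]string{enc([]byte(header)), enc([]byte(payload))}, extra...), ".")
}

func main() {
	jws := Sample(`{"alg":"RS256","typ":"JWT"}`, `{"sub":"auth0|constructed"}`, "sig")
	fmt.Printf("%+v\n%+v\n", Classify("Bearer "+jws), Classify("constructedOpaqueValue"))
}
```

A result of `opaque` or `jwe` means a JWKS-based `auth/validator` has nothing it can verify. With Auth0 that commonly happens when the login request names no API `audience`; whether that applies to this setup is an assumption, since the post does not show the request.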