Auth0 token management


Mattia Micomonaco

Sep 6, 2016, 1:21:37 PM
to Silhouette
Hi. I am using Play Silhouette with the Auth0 provider. When the user tries to log in to my application, the backend calls the Auth0 API ("https://mydomain.auth0.com/oauth/ro") to sign in with username and password. Since the authentication is successful, the backend receives an access_token from Auth0.
Now, the user should receive a token that will be used when calling other services of my application.
Should I generate a new token or forward the access_token received by Auth0? In the second case, how can I validate the access token without calling an Auth0 API?

Thanks in advance.
Mattia

Christian Kaps

Sep 7, 2016, 2:49:48 AM
to Silhouette
Hi,

The access_token returned from Auth0 can be used to make further requests. You should save this token in the database and use it for further requests. Silhouette provides tools to save the token for you. What do you mean by validate the token?

Best regards,
Christian

Mattia Micomonaco

Sep 7, 2016, 5:24:51 AM
to Silhouette
Hi. I'll try to explain my issue better.
Currently, I'm using the Credentials provider in Silhouette. When the user enters username and password and successfully signs in, my application backend returns a token. This token is inserted in the "X-Auth-Token" field of the HTTP header of further requests to my application backend.
I would like to use Auth0 to authenticate the user with a similar flow. I've implemented a service which forwards the user credentials (username and password) to the Auth0 service in order to retrieve the access_token. Then the access_token is returned to the client. Can I insert this token in the "X-Auth-Token" field of further requests to my application backend? How can the backend "validate" this token? For me, "validate the token" means that the backend checks that this token is the one returned by Auth0 (in order to be sure that the user is the one authenticated with Auth0).
Is this procedure correct?
I'm sorry if I'm not clear. Thanks.

Mattia
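
An added example, not part of the thread and not Silhouette or Auth0 code: one way a Play backend could check the "X-Auth-Token" value locally, assuming the token handed to the client is a JWT signed with HS256 using a secret the backend holds (an opaque token cannot be checked this way) and that Play JSON is on the classpath. `LocalTokenCheck` and the secret, issuer and audience values are hypothetical.

```scala
import java.nio.charset.StandardCharsets.UTF_8
import java.security.MessageDigest
import java.util.Base64
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec
import play.api.libs.json.Json
import scala.util.Try

// Hypothetical helper; not part of Silhouette or of any Auth0 SDK.
object LocalTokenCheck {
  private val b64 = Base64.getUrlDecoder
  def hmacSha256(secret: Array[Byte], data: String): Array[Byte] = {
    val mac = Mac.getInstance("HmacSHA256")
    mac.init(new SecretKeySpec(secret, "HmacSHA256"))
    mac.doFinal(data.getBytes(UTF_8))
  }
  /** Returns the `sub` claim if every check passes, otherwise None. */
  def validate(token: String, secret: Array[Byte], issuer: String,
               audience: String, nowSeconds: Long): Option[String] =
    token.split("\\.", -1) match {
      case Array(h, p, s) => Try {
        val header = Json.parse(b64.decode(h))
        val claims = Json.parse(b64.decode(p))
        // Pin the algorithm: the token must not choose how it is verified.
        val algOk = (header \ "alg").asOpt[String].contains("HS256")
        // Constant-time comparison of expected and presented signature.
        val sigOk = MessageDigest.isEqual(hmacSha256(secret, s"$h.$p"), b64.decode(s))
        val fresh = (claims \ "exp").asOpt[Long].exists(_ > nowSeconds)
        val issOk = (claims \ "iss").asOpt[String].contains(issuer)
        val audOk = (claims \ "aud").asOpt[String].contains(audience)
        if (algOk && sigOk && fresh && issOk && audOk) (claims \ "sub").asOpt[String] else None
      }.toOption.flatten
      case _ => None
    }
}

object Demo extends App {
  // Constructed sample token; secret, issuer and audience are placeholders.
  val secret = "example-shared-secret".getBytes(UTF_8)
  val enc = Base64.getUrlEncoder.withoutPadding
  def part(json: String) = enc.encodeToString(json.getBytes(UTF_8))
  val body = part("""{"alg":"HS256","typ":"JWT"}""") + "." + part(
    """{"iss":"https://issuer.example/","aud":"my-client-id","sub":"user-1","exp":2000000000}""")
  val good = body + "." + enc.encodeToString(LocalTokenCheck.hmacSha256(secret, body))
  def check(t: String) =
    LocalTokenCheck.validate(t, secret, "https://issuer.example/", "my-client-id", 1500000000L)
  println(check(good))       // token signed with the shared secret
  println(check(good + "x")) // same token with an altered signature
}
```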

Christian Kaps

Sep 7, 2016, 11:11:44 AM
to Silhouette
This is not really a Silhouette-related question. Maybe it's better to ask this in the Auth0 forum.