You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As far as I understand, when creating a backend to you would take access_token from client, and you would need to verify the token.
One of the key elements to check is audience.
Identifier: a unique identifier for the API. Auth0 recommends using a URL. Auth0 does differentiate between URLs that include the last forward slash. For example, https://example.com and https://example.com/ are two different identifiers. The URL does not have to be a publicly available URL. Auth0 will not call your API. This value cannot be modified afterwards.
https://auth0.com/docs/quickstart/backend/nodejs/01-authorization
As far as I understand, when creating a backend to you would take access_token from client, and you would need to verify the token.
One of the key elements to check is audience.
Auth0.com asks to create an API with an identifier (can be anything - doesn't even have to start with https://, right?)
https://auth0.com/docs/getting-started/set-up-api
https://github.com/Swizec/useAuth/blob/v0.6.1/src/AuthProvider.tsx#L69
Here, the audience is pre-defined to be
/api/v2/and you are to passauth0_audience_domainpart instead of entire identifier text.Of course you can overwrite it
https://github.com/Swizec/useAuth/blob/v0.6.1/src/AuthProvider.tsx#L75
like so, but why the provider takes
auth0_audience_domainand uses/api/v2/instead of just an identifier text?The text was updated successfully, but these errors were encountered: