Reputation: 30388
Handling id_token in ASP.NET Core API
I'm implementing Auth0 with my ASP.NET Core 2.1 app with React front end.
After the user authenticates, I do get both an access_token and an id_token. I'm clear that I send the access_token in the header to gain access to my API methods but I'm not sure how to handle the id_token.
Do I place the id_token in the header as well? If so, what key do I use for it? I'm sending the access_token with the key Authorization -- see below.
Not sure how to send the id_token and would appreciate some pointers on this. Thanks.
Upvotes: 5
Views: 815
Answers (1)
Reputation: 4594
You would use id_token to construct the User object in SPA application and access_token is used to access the API. So, you don't put the id_token in the header.
There is a JavaScript library for Auth0 that can help with authentication/authorization tasks: Auth0.js.
The library may help with constructing the user object and refreshing the access token.
Upvotes: 2
Related Questions
- ASP.NET Core with React.js API authorization
- Authentication token in React.js
- How to authenticate in asp.net core rest api from react app
- .Net Core 2.1 with IdentityServer4 Cookie and API JWT based authentication for the same app
- Authorizing and then using JWT Token with Auth0 React & ASP.net core
- How to keep authentication token safe in js web apps?
- Use id_token with ASP.NET Core 3
- Wrong audience for id_token in IdentityServer4
- How to handle token authentication in reactjs?
- Asp.net core Identity and Token Based Authetication