Define secure back end routing for web service following client-api config using Auth0

I'm developing a project with a client (nodejs) that will serve routes using the express framework. For the sake of this project, these routes can simply be /login, /logout, /, /secretstuff. The client will use Auth0 to log the user in and return an authorization code to /callback (or whatever is appropriate). Note this is an authorization code and not a jwt.

The mission is to allow a user to log into [url removed, login to view] (served with nodejs app). Then [url removed, login to view] will interface with api.somecoolapi.com. I assume from the Auth0 tutorials I've been attempting to follow that the initial login returns an authorization code, which gets pushed from [url removed, login to view] to [url removed, login to view] in return for a jwt. The jwt then gets passed to [url removed, login to view], is verified, and the api can return whatever data to www.myapp.com.

After trying for over a week, I'm ready to ask for help on this one. I can get an authorization code back from Auth0, but the token exchange doesn't seem to work. I'd like to be able to store the fact that the user was logged in so that they can access [url removed, login to view], to be cleared upon /logout.

I believe that this is a somewhat bare framework, but they key is to enable a user to securely log into the client service ([url removed, login to view]), and allow that client to talk with the api. The user should not be able to access the api directly. The api will run on the same server as the client, but I would like to leave open the opportunity to someday allow a public api.

Express JS JSON Node.js OAuth บริการเว็บไซต์

หมายเลขโปรเจค: #15245097

เกี่ยวกับโปรเจกต์