Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Multiple apis tokens #8382

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

jeffreylees
Copy link
Contributor

@jeffreylees jeffreylees commented Oct 17, 2019

docs/tokens/guides/access-token/get-access-tokens-for-multiple-apis

@jeffreylees jeffreylees requested a review from aaguiarz October 17, 2019 18:06
@solepano solepano had a problem deploying to docs-content-staging-pr-8382 October 17, 2019 18:06 Failure
## Single-Page Applications

In SPAs you can use the [Auth0 SPA SDK](/libraries/auth0-spa-js) and can trigger Silent Authentication with the audience for the new token. The [Get Access Token for a different audience](/libraries/auth0-spa-js#get-access-token-for-a-different-audience) example shows how to do this using the SDK's `getTokenSilently()` method.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we explain how to do it with auth0.js?


In backend apps, you need to redirect to `/authorize` once per API, using `prompt=none&audience=YourAudience`. To know which token you need to call for each API you need to use the `state` parameter as way to correlate requests and responses.

```js
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's clarify this example is for Node JS + Express


In this manner, you can be certain of which API to call for what purpose, and which returned response is from which API. Checking the state in the response and then comparing it to your stored states will tell you the audience that it was paired with, which will tell you the API that it is responding from.

## Read more
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should also add a section for Native Apps, which also implies going through authorize for each token

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants