Multiple apis tokens #8382
965e8a8 to e3a773c
## Single-Page Applications | ||
|
||
In SPAs you can use the [Auth0 SPA SDK](/libraries/auth0-spa-js) and can trigger Silent Authentication with the audience for the new token. The [Get Access Token for a different audience](/libraries/auth0-spa-js#get-access-token-for-a-different-audience) example shows how to do this using the SDK's `getTokenSilently()` method. | ||
|
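Review bot: The added SPA paragraph does not say what the application should do when silent authentication cannot complete, for example when the user has no active session. Suggest adding one sentence that tells the reader to handle the error and fall back to an interactive login. The wording "you can use the Auth0 SPA SDK and can trigger Silent Authentication" would also read better as "use the Auth0 SPA SDK to trigger Silent Authentication with the audience of the API you need a token for".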
Should we explain how to do it with auth0.js?
|
||
In backend apps, you need to redirect to `/authorize` once per API, using `prompt=none&audience=YourAudience`. To know which token you need to call for each API you need to use the `state` parameter as way to correlate requests and responses. | ||
|
||
```js |
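Review bot: The sentence introducing `state` should say how the value is chosen, because `state` is also the CSRF defence on the redirect back from `/authorize`. Suggest stating that each request gets a fresh random value, stored in the user's session and mapped to the audience it was sent with, rather than using the audience name itself as the state. Two wording points in the same sentence: "which token you need to call for each API" reads as if tokens are called, where the intent is knowing which audience each response belongs to, and "as way" should be "as a way".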
Let's clarify this example is for Node JS + Express
|
||
In this manner, you can be certain of which API to call for what purpose, and which returned response is from which API. Checking the state in the response and then comparing it to your stored states will tell you the audience that it was paired with, which will tell you the API that it is responding from. | ||
|
||
## Read more |
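Review bot: In the closing paragraph, "which returned response is from which API" and "the API that it is responding from" are inaccurate: the response comes back from `/authorize`, not from the API, and the matched state tells you which audience the returned token is for. Suggest rewording along those lines and adding what to do on a mismatch: a response whose state matches none of the stored values should be rejected, and a matched state should be removed from storage so it cannot be reused.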
We should also add a section for Native Apps, which also implies going through authorize for each token
docs/tokens/guides/access-token/get-access-tokens-for-multiple-apis