Open mittsh opened 6 years ago
@mittsh Sorry for the late reply, really busy during the holidays. Auth0 has been making quite a bit of changes recently and they may have gone to OAuth2, but I'm not sure. JWT is really just a type of authorization token that's passed after some kind of authentication (such as OAuth 2). So irregardless of the authentication, if an API uses JWT, this will work for it. The benefit of using this is a JWT is just a signed payload. This means you don't have to go through the entire flow of OAuth to get an authorization token. You just need the server's signing key.
Does that answer your question?
Auth0 uses RS256 by default now and not HS256. I think that why it fails in PAW for me now
Ended up creating a Paw post call to get the token using the Client Credentials Grant Type and storing the token as dynamic value to use in all other requests.
A Paw user just asked us whether it was the correct way to authenticate with the Auth0 API:
Any clue @LordZardeck? Thank you!