LordZardeck / PAW-Auth0TokenDynamicValue


Is this working with Auth0's OAuth 2 API? #9

Open mittsh opened 6 years ago

mittsh commented 6 years ago

A Paw user just asked us whether it was the correct way to authenticate with the Auth0 API:

Had a quick review of the code and as far as I can tell it creates a JWT and signs it with a base64 encoded version of the client secret. That is not how Auth0 / OAuth2 works.

Any clue @LordZardeck? Thank you!

LordZardeck commented 6 years ago

@mittsh Sorry for the late reply, really busy during the holidays. Auth0 has been making quite a bit of changes recently and they may have gone to OAuth2, but I'm not sure. JWT is really just a type of authorization token that's passed after some kind of authentication (such as OAuth 2). So regardless of the authentication, if an API uses JWT, this will work for it. The benefit of using this is a JWT is just a signed payload. This means you don't have to go through the entire flow of OAuth to get an authorization token. You just need the server's signing key.

Does that answer your question?

teebot commented 5 years ago

Auth0 uses RS256 by default now and not HS256. I think that's why it fails in PAW for me now.

teebot commented 5 years ago

Ended up creating a Paw post call to get the token using the Client Credentials Grant Type and storing the token as dynamic value to use in all other requests.
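
Added example, not part of the thread and not the plugin's or Auth0's code: a Node.js sketch of why a token signed locally with HS256 fails at an API that expects RS256, as discussed in the comments above. The key pair, client secret, claims and function names are constructed for illustration, and claim validation (`iss`, `aud`, `exp`) is left out to keep the focus on the algorithm check.

```javascript
// Added example: constructed keys and claims, hypothetical function names.
const crypto = require('crypto');

const b64url = (input) => Buffer.from(input).toString('base64url');

// Build a compact JWS with either HS256 (shared secret) or RS256 (private key).
function signJwt(alg, key, claims) {
  const signingInput =
    `${b64url(JSON.stringify({ alg, typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  const sig = alg === 'HS256'
    ? crypto.createHmac('sha256', key).update(signingInput).digest()
    : crypto.sign('RSA-SHA256', Buffer.from(signingInput), key);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Verifier for an API configured for RS256. The algorithm is pinned by the
// verifier and never taken from the token header, so an HS256 token is
// rejected before any key material is touched.
function verifyRs256(token, publicKey) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  if (header?.alg !== 'RS256') {
    return { ok: false, reason: `unexpected alg ${header?.alg}` };
  }
  const valid = crypto.verify('RSA-SHA256', Buffer.from(`${parts[0]}.${parts[1]}`),
    publicKey, Buffer.from(parts[2], 'base64url'));
  return valid ? { ok: true } : { ok: false, reason: 'bad signature' };
}

// Constructed sample data (assumptions, not values from the page).
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const clientSecret = Buffer.from('Y29uc3RydWN0ZWQtY2xpZW50LXNlY3JldA==', 'base64');
const claims = { iss: 'https://tenant.example/', aud: 'https://api.example/', exp: 4102444800 };

const hsToken = signJwt('HS256', clientSecret, claims); // signed locally with the client secret
const rsToken = signJwt('RS256', privateKey, claims);   // signed by the holder of the private key

function demo() {
  return { hs: verifyRs256(hsToken, publicKey), rs: verifyRs256(rsToken, publicKey) };
}
console.log(demo());
```

With RS256 the client never holds the signing key, so the token has to come from the authorization server, which is what the Client Credentials request in the last comment does.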