auth0 / express-openid-connect

An Express.js middleware to protect OpenID Connect web applications.
MIT License
471 stars 145 forks

Get access token for different protected resource #220

Closed: mhd-sln closed this 3 years ago

mhd-sln commented 3 years ago

Hi,

While it is possible to have an accessToken for a single protected resource, I was wondering if it's possible to have the access token for different API audiences. In our case, different teams in the organisations are managing different API resources and we would need to have a solution where it is easy to access any protected resource without the user needing to re-login.

Thanks!

adamjmcgrath commented 3 years ago

Hi @salmanmanekia - thanks for raising this

At Auth0 at least, you get one access token per login - so you can't log in to multiple audiences in one go.

Our suggested workaround for this is to use Permissions to represent multiple APIs using a single logical API.

mcelotti commented 5 months ago

I managed to get multiple access tokens using multiple middlewares with paths, like app.use("some-path", auth(authConfigForAudience));. I got the idea from this issue: https://github.com/auth0/express-openid-connect/issues/263
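
The per-path setup described in the last comment, sketched as an added example (not code from this thread or from the express-openid-connect project). The mount paths, audiences, scopes, environment variable names and the `/token-info` route are placeholders; the separate session cookie name and the mount-specific `baseURL` per audience are this sketch's assumptions about how to keep the two logins isolated.

```javascript
// Added example: one auth() middleware per API audience, each with its own session.
// Every value in AUDIENCES is a constructed placeholder.
const AUDIENCES = [
  { mount: '/orders', audience: 'https://orders.api.example', scope: 'openid profile read:orders' },
  { mount: '/billing', audience: 'https://billing.api.example', scope: 'openid profile read:billing' },
];

// Build an isolated config for one mount path / audience pair.
function authConfigForAudience({ mount, audience, scope }, env = process.env) {
  return {
    issuerBaseURL: env.ISSUER_BASE_URL,
    clientID: env.CLIENT_ID,
    clientSecret: env.CLIENT_SECRET,
    secret: env.SESSION_SECRET,
    // The middleware's login and callback routes sit under the mount path,
    // so the redirect_uri derived from baseURL has to include that path.
    baseURL: new URL(mount, env.APP_BASE_URL).href,
    // Separate cookie per audience, so a login for one API does not
    // overwrite the tokens stored for the other.
    session: { name: `appSession_${mount.replace(/\W/g, '')}` },
    // The authorization code flow is what returns an access token.
    authorizationParams: { response_type: 'code', audience, scope },
  };
}

// Mount one middleware per audience; express-openid-connect is loaded lazily
// so the config builder above can be exercised without the package installed.
function mountAudiences(app, env = process.env) {
  const { auth } = require('express-openid-connect');
  for (const entry of AUDIENCES) {
    app.use(entry.mount, auth(authConfigForAudience(entry, env)));
    app.get(`${entry.mount}/token-info`, (req, res) => {
      // Keep the token server-side; report only non-sensitive metadata.
      const token = req.oidc.accessToken;
      res.json({ audience: entry.audience, expiresIn: token ? token.expires_in : null });
    });
  }
  return app;
}

// Start a server only when explicitly requested.
if (process.env.RUN_EXAMPLE_SERVER) {
  mountAudiences(require('express')()).listen(3000);
}
```

Each mount's callback URL (for example `https://app.example/orders/callback` with the default callback route) has to be registered with the identity provider, and the user still goes through one authorization redirect per audience.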