illustration for Building an API with Express
Course

Building an API with Express

  8. 8
    Configure an Auth0 API Authentication to Use with Your Server
    1m 16s

Configure an Auth0 API Authentication to Use with Your Server

Kevin Cunningham
InstructorKevin Cunningham
Share this video with your friends

Social Share Links

Send Tweet
Published 4 years ago
Updated 3 years ago

One way to secure API routes is by using JSON Web Tokens (JWTs) which are passed with each request and checked before a lesson is returned. To do this, you need an OAuth server to provide the signing and authentication of these tokens. Auth0 provides this for free for up to 7,000 users.

In this lesson, we'll configure Auth0 and gather the details we need to be able to secure our API routes.

View code for this lesson

Kevin Cunningham: [0:00] To be able to authenticate within our application, we're first going to set up an API within Auth0.

[0:05] Once you've signed up for an account, you're going to go to APIs, going to click on Create API, I'm going to give it a name. In this case, I'm going to call it Catchphrase. My Identifier is going to be in the form of URL, even if it's not one that we own. In this case, I'm going to use catchphrase.app and record that for later. On the Signing Algorithm, I'm going to use this RS256.

[0:29] Once that's being created, we want to note down this identifier. Later on, that's going to be referred to as the audience.

[0:36] When we created the API, an application was also created to go alongside it called the Catchphrase (Test Application). Clicking in here, there are two details that we're going to need to note for later. Those two details are the Client ID and the Client Secret.

[0:55] This Client Secret you should keep secret. I'm going to reveal it here, and you'll see it's just a whole load of characters. Before I publish this tutorial, I'm going to refresh this key, so we won't be able to use that.

[1:08] Now, having recorded the Client ID, the Client Secret, and the Identifier, we're ready to start authenticating users of our API.

egghead
egghead
~ 40 minutes ago

Member comments are a way for members to communicate, interact, and ask questions about a lesson.

The instructor or someone from the community might respond to your question Here are a few basic guidelines to commenting on egghead.io

Be on-Topic

Comments are for discussing a lesson. If you're having a general issue with the website functionality, please contact us at support@egghead.io.

Avoid meta-discussion

  • This was great!
  • This was horrible!
  • I didn't like this because it didn't match my skill level.
  • +1 It will likely be deleted as spam.

Code Problems?

Should be accompanied by code! Codesandbox or Stackblitz provide a way to share code and discuss it in context

Details and Context

Vague question? Vague answer. Any details and context you can provide will lure more interesting answers!

Markdown supported.
Become a member to join the discussionEnroll Today