Machine to machine api call

vinamelody · July 12, 2019, 2:45pm

Hi, need some advice on achieving this:

I need to first obtain access_token from Auth0 management api, and then uses it to create a user with attendee’s email.

How do you recommend to store this access_token for 24 hours so that I don’t need to login every time I send a create user request?

Right now, I can login using this snippet, but I am not sure how to persist it for 24 hours, for other function to use

func getAccessToken(_ req: Request) throws -> String {
        let clientId = "dfg"
        let clientSecret = "jkl"
        let audience = "https://domain.auth0.com/api/v2/"
        let grantType = "client_credentials"
        let loginParams = LoginParameters(clientId: clientId,
                                                clientSecret: clientSecret,
                                                audience: audience,
                                                grantType: grantType)
        let urlString = "https://domain.auth0.com/oauth/token"
        let response = try req.client().post(urlString) { loginReq in
            return try loginReq.content.encode(loginParams)
            }.flatMap { loginResponse in
                return try loginResponse.content.decode(LoginResponse.self)
            }.map(to: LoginResponse.self, { (object) -> LoginResponse in
                // I'll get the object here
                print(object.accessToken)
                // validate it first!
                return object
            })
        return ""
    }

0xtim · July 12, 2019, 4:15pm

@vinamelody so you need to save the token somewhere. If this is a web app you could save it in the user’s session, otherwise you’d need to save it in the database along with the user in a user table.

If this token is not user specific then you can save it in a shared container. Have a look at how the auth cache works for sharing data across requests. Hope that helps!

vinamelody · July 13, 2019, 2:08pm

@0xtim this vapor app is a kind of middleman between ticketing system (tito webhook) and auth0, there won’t be user’s session, therefore, machine to machine app. I guess database would be the way. But that would mean, I am storing auth0’s access token in database ~~ is that okay for production?

To use auth cache, does that require Vapor itself handling auth and JWT?

I’m thinking of something simpler like setting a timer for Vapor app to get a new access token after 24 hours. Is there something like that?

shogunkaramazov · July 13, 2019, 2:58pm

@0xtim Can you please help with this when you get a chance? Thank you - much appreciated! :]

0xtim · July 13, 2019, 7:05pm

Ah ok so you can ignore a lot of what I said.

Yes you could store it in a database, but I’d probably just store it in memory, it will be easier. What I would do is define a service that makes a request to Auth0 to get the token and just stores it in memory (you either need to make it thread safe or have a service for each thread). Then if you get a 401 just use the service to call the endpoint and get an updated token. So the first time you ask the service for the token it will see if it has it and if not go and get it. The next time it just returns the token until the token no longer works. Does that make sense?

vinamelody · July 14, 2019, 12:43am

Yup it makes sense. Thanks, I’ll go into that direction!

add: probably trying to mimic that microservices in chapter 37 of the book … or may be not, since i wouldn’t want to do auth among services ~~