Using Auth0 for Machine-to-Machine API Security with Strapi

Hello everyone!

I am currently implementing machine-to-machine authentication using Auth0 tokens for securing API access in Strapi.

My setup involves a service that sends API requests to Strapi, and the access should only be granted if the Auth0 token provided is valid. I’ve no front-end.

I’ve implemented a middleware in Strapi to verify the Auth0 token (which I have confirmed is valid), but I am encountering a 401 Unauthorized error returned by Strapi, not by my middleware.

Here’s a brief overview of what I’ve done:

  • Set up Auth0 and obtained the necessary tokens.
  • Developed middleware in Strapi to validate the Auth0 token.
  • Integrated the middleware with my API endpoints.
  • Despite the token validation passing in my middleware, Strapi still returns a 401 error when I try to access the data:

    {
      "data": null,
      "error": {
        "status": 401,
        "name": "UnauthorizedError",
        "message": "Missing or invalid credentials",
        "details": {}
      }
    }

I have this error when I put a token in my request, even if I disable my middleware.

Could you please assist me in understanding why this error occurs and how I can successfully configure Auth0 integration for machine-to-machine authentication in Strapi?

Thank you for your help!

This topic has been created from a Discord post (1233425839538962543) to give it more visibility.

If you are hitting an authenticated route, you need to provide a Bearer authentication token, which you can get by authenticating with the users-permissions plugin or by using an API token.

I don’t have users on the Strapi side. The Auth0 users are already created via another mobile application, and a backend acts as the bridge between Strapi and my mobile application. However, when I pass the bearer token generated by Auth0 from my backend, I get a 401 unauthorized response.

You can do that via an API token: once the user is authenticated, pass the Strapi API token as the Bearer token.