Accessing FusionAuth API using bearer token auth
-
I have created a front end for user management in FusionAuth, to which users log in using their FusionAuth username/password. We authorize the requests sent to the user management endpoints, e.g. api/user/search, by providing an API key defined in FusionAuth -> Settings -> API Keys, which is granted access to these endpoints.
I want to limit the access to certain users only and authorize such requests using the logged-in user's bearer token; however, I get a 401 Unauthorized response. The token is valid, and both /api/jwt/validate and /api/user/, for example, return 200 with the user's data, so clearly I'm missing some access roles.
Question: is it possible to authorize a user assigned to an application via a custom tenant (not FusionAuth) using a Bearer JWT token to access the api/user/search API? One way would be to assign a custom Role to both the Application and the User, validate the token for those roles in the backend, and then swap the authentication method from the Bearer token to an API key kept on the server along with the corresponding tenant id, but I hope there's an out-of-the-box solution to handle this.
-
Hi @pawel-prochal ,
It sounds like you want to make a request against a FusionAuth search API using a JWT issued by FusionAuth to authenticate that API request?
Unfortunately not all FusionAuth APIs use JWT authentication. User search is not one of them.
If I were going to do this, I'd build a small proxy that took a JWT and held an API key. It would examine the JWT and then make the user search API call using the API key.
Let me know if I misunderstood something.
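The proxy sketched in the answer above, as an added example (not code from the thread or from FusionAuth): it validates the browser's bearer JWT against /api/jwt/validate, checks that the token carries the role the question proposes, and only then calls /api/user/search with the server-held API key and tenant id. The base URL, role name `user-admin`, and the key/tenant placeholders are assumptions; `constructed_fake_transport` is a constructed stand-in for FusionAuth so the logic runs offline.

```python
import json
import urllib.error
import urllib.request

FUSIONAUTH_URL = "https://fusionauth.example.com"  # assumption: your FusionAuth base URL
REQUIRED_ROLE = "user-admin"  # assumption: role granted to both the Application and the privileged users
API_KEY = "<API key from Settings -> API Keys, kept on the server only>"  # placeholder
TENANT_ID = "<tenant id sent in X-FusionAuth-TenantId>"  # placeholder


def http_json(method, url, headers, body=None):
    """Real transport: send a JSON request to FusionAuth and return (status, parsed body)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method,
                                 headers={**headers, "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, {}


def proxy_user_search(auth_header, search_body, transport=http_json):
    """Accept the browser's bearer JWT, validate it and its role, then search users with the API key."""
    if not auth_header or not auth_header.startswith("Bearer "):
        return 401, {"error": "missing bearer token"}
    token = auth_header[len("Bearer "):]
    # /api/jwt/validate authenticates with the header "Authorization: JWT <token>"
    status, validated = transport("GET", f"{FUSIONAUTH_URL}/api/jwt/validate",
                                  {"Authorization": f"JWT {token}"})
    if status != 200:
        return 401, {"error": "invalid or expired token"}
    # Roles in a FusionAuth JWT are scoped to the Application the token was issued for
    if REQUIRED_ROLE not in validated.get("jwt", {}).get("roles", []):
        return 403, {"error": f"role {REQUIRED_ROLE} required"}
    # Only after both checks pass is the server-held API key used; the browser never sees it
    return transport("POST", f"{FUSIONAUTH_URL}/api/user/search",
                     {"Authorization": API_KEY, "X-FusionAuth-TenantId": TENANT_ID}, search_body)


def constructed_fake_transport(method, url, headers, body=None):
    """Constructed stand-in for FusionAuth so the proxy logic can be exercised offline."""
    if url.endswith("/api/jwt/validate"):
        roles = {"JWT admin-token": ["user-admin"], "JWT plain-token": []}
        tok = headers.get("Authorization")
        return (200, {"jwt": {"roles": roles[tok]}}) if tok in roles else (401, {})
    if url.endswith("/api/user/search") and headers.get("Authorization") == API_KEY:
        return 200, {"total": 1, "users": [{"email": "admin@example.com"}]}
    return 401, {}
```

Deploy the proxy behind the front end and have the browser call it instead of FusionAuth directly, so the API key stays on the server.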