I’ve been prototyping using auth0 for the past couple of weeks and I managed to build a website that allows my users to log in using social (i.e. Google).
Right now, I’m prototyping an SDK for developers/platforms that want to interact the API I have behind the website, which is protected by auth0. This should allow my users to connect to these platforms using my auth0 tenant (under the hood). For now, I’m focusing on a react SDK.
Here’s what I explored:
- Using auth0 organizations: Would this mean that every developer that requests access to my API would need to be a separate organization in auth0?
- Wrap auth0 react SDK: I obfuscate the auth0 config, and I fetch it real-time when the SDK initializes. When the developer initializes my SDK, I ask them for a clientId that I provide and map to an auth0 config in my database.
I’m not sure I’m on the right track so I’m looking for feedback on the solutions above and more importantly on what is the recommended way of achieving this using auth0.