Hello Auth0 Community:
So my question today involves around architecture of a basic auth workflow to a preexisting React application and Go Microservice (at this point more refactoring).
So me and my team is new with Auth0 and we chose this over firebase due to some limitations and confusion of some of the details.
So right now what I want to incorporate into our application is the following 2 main points:
-
Replace our current Login / registration / forgot password forms with what a service Auth0 provides is Lock.
-
If we need to store user data into our current user DB for us to manage, how much of our endpoints needs to handle a specific implementation.
Registration:
So with this two points in mind, If we were to use the Lock form route for the React side - what are the limitations on ensuring the user is saved on both Auth0 and DB, because we want AUth0 to handle most of the authentication, but we need to be able to ensure that the user created, we get the user information + the email routed back to our system. So is this the /authorization endpoint being referred to in the documentation? And I read something about Custom Domain being something that we would have to pay for? So if our react app sits on app.domain.com and our golang app sits on api.domain.com - does that consider a custom domain too?
Login:
So my understanding that with Lock - I may need clarification on if Auth0 is handling the signing or my server would be handling the signing? If using Lock - then Auth0 has to handle it and is that the limitation?
API:
So securing our API I undesstand we will need to build a middleware - but that doesn’t necessarily mean the token is signed on our end right? We are just verifying what Auth0 generated?