Auth protected app with custom sign in screens

I’ve read around the docs a few times but I don’t fully understand how to use Auth0 as a simple REST API to allow me to use custom sign in screens. The SDK and Lock don’t seem to meet those criteria as the former redirects off-site and the latter embeds the Auth0 component.

This is where I have got to:

  1. Hit /oauth/token to retrieve id_token and access_token
  2. Store token in local storage (in order to save authed state across sessions)
  3. Hit /userinfo endpoint to retrieve user profile

Is this the right approach? Is there a better way?

The next part I need to do is to validate a saved access_token, which I think I do by analysing the expiration date in the JWT token?

Thanks!

I guess this disproves the idea to decode the JWT, so what’s the best way to validate a saved access_token using a REST API?