Auth0 Architecture and setup for React / Spring Boot

I’m looking at using Auth0 as an authentication provider for our stack but am struggling a bit with setting up APIs / Applications etc. This is what we’d like to do:

Front End
We use React apps with NextJS for internal / external administrative portals.
Internal users have Google Suite accounts.
I’d like internal users to be able to log in to portals using their corporate G Suite accounts (saves having another login)
I’d like external users to be able to log in to portals using manually created accounts within Auth0

The React apps will make requests to Spring Boot microservices for data load. The call should be authenticated using the user’s login token.

APIs
We have a suite of B2B APIs that we’d like to use Auth0 for authentication / authorisation. These APIs will be accessed by external partners as well as internally owned apps.

What I’ve tried to do so far is set up a Single Page App for a React portal and, using Next-Auth, I have that connecting to Auth0 allowing a G Suite login. I have also created an API for the Spring Boot back end for the portal and have the service able to verify a token against Auth0. The challenge I’m facing is that the token in the React app does not verify with the API; they’re encoded differently. I think I’ve set it up incorrectly, hence this post!

Thanks!

Hi @dan.abbitt,

Welcome to the Auth0 Community and thanks for the thorough explanation!

How is the token different? Is it not a JWT?

Hi @dan.woda,

Thanks for getting back to me.

Both tokens I receive are JWTs; however, the token the React app has is HS512 and the API is expecting RS256.

I think I’m getting stuck on how to permission a user to use the API when logged in to a SPA.
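The mismatch reported above can be confirmed by decoding each token's header and claims and comparing them with what the API is configured to accept. This is an added example, not code from the thread; the issuer, audience and both tokens are constructed placeholders, and `diagnoseToken` is a hypothetical helper name.

```javascript
// Diagnosis only: this decodes a token, it does NOT verify the signature.
function decodePart(part) {
  return JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
}

// expected = { alg, issuer, audience }: the values the API is configured with.
function diagnoseToken(token, expected) {
  const parts = token.split('.');
  if (parts.length !== 3) {
    // e.g. an encrypted (5-part) or opaque token, which the API cannot verify either
    return ['not a signed compact JWT (3 parts expected, got ' + parts.length + ')'];
  }
  let header, payload;
  try {
    header = decodePart(parts[0]);
    payload = decodePart(parts[1]);
  } catch (e) {
    return ['header or payload is not base64url-encoded JSON'];
  }
  const problems = [];
  if (header.alg !== expected.alg) {
    problems.push('alg is ' + header.alg + ', API accepts only ' + expected.alg);
  }
  if (payload.iss !== expected.issuer) {
    problems.push('iss is ' + payload.iss + ', expected ' + expected.issuer);
  }
  // aud may be a single string or an array of strings
  const aud = [].concat(payload.aud === undefined ? [] : payload.aud);
  if (!aud.includes(expected.audience)) {
    problems.push('aud does not contain ' + expected.audience);
  }
  return problems;
}

// Constructed sample tokens (fake signatures, placeholder tenant and audience).
function fakeJwt(header, payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return enc(header) + '.' + enc(payload) + '.c2ln';
}
const EXPECTED = { alg: 'RS256', issuer: 'https://tenant.example/', audience: 'https://api.example/' };
const hs512Token = fakeJwt({ alg: 'HS512' }, { sub: 'user-1' });
const rs256Token = fakeJwt({ alg: 'RS256', typ: 'JWT' },
  { iss: 'https://tenant.example/', aud: ['https://api.example/'], sub: 'user-1' });

console.log(diagnoseToken(hs512Token, EXPECTED)); // three findings, alg first
console.log(diagnoseToken(rs256Token, EXPECTED)); // []
```

A token that fails on all three checks was not issued for the API at all, so the fix lies in which token the client sends rather than in relaxing the algorithm the API accepts.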

You can change your signing algo like this:

Thanks for the link.

@dan.woda, it should be possible for someone logging in to an SPA through a Google account to be able to call the API? If so, is there a good guide on how to configure that?

@dan.abbitt,

To call your backend API? The React Quickstart is a solid example. Here is a general SPA + API example.
