I’m building a SPA with React and using Sanity.io for data storage. The data is fetched directly from Sanity (passing the Sanity access token) through their GraphQL endpoint using Apollo Client. I thus have no backend server. I have implemented authentication with the Auth0 SDK and it works great.
For now, the only security layer I have on my apollo-client is checking whether there is an idToken set in memory. I assume this is not the way to go. Is it recommended to create an API in Auth0 and then verify the JWT in an apollo-link?