Hi there, I started using Auth0 this week and I have to integrate it with our FARM stack for user logins and protecting FastAPI backend routes, so I'm still getting my head around how I'm supposed to achieve that.
From my understanding so far, a user signs up/logs in using the React Auth0 library's loginWithRedirect code and I will get back an access token and an ID token from Auth0, which I then pass to my FastAPI backend.
The FastAPI backend will then validate it using the PyJWT library and add my user to the MongoDB collection with the pymongo library, and also pass that user information back to my React frontend, as the MongoDB database is the primary source of truth for users. I continue to use this access token to access other protected API routes such as delete user etc.
At the same time a user entry is also created in the Auth0 dashboard. Do I have this flow correct, and will it behave the same when I'm dealing with social sign-in from Google? Can I send the Google access token in the same way? Thanks
Also, I was unsure about which flow I should be using if I'm just ultimately sending the access token to my backend APIs: either this: Authorization Code Flow with Proof Key for Code Exchange (PKCE)
or this: Authorization Code Flow
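
The backend validation step described in the post, as an added example that is not part of the original post and is not Auth0's code: it uses PyJWT to pin the algorithm, issuer and audience, and shows which tokens such a check rejects. The tenant URL, API audience, client ID and secret are constructed values, and HS256 with a shared secret is an assumption made so the example runs offline.

```python
import time
import jwt  # PyJWT

# Constructed values for illustration; not from any real tenant.
ISSUER = "https://example-tenant.example.com/"
API_AUDIENCE = "https://api.example.com"
SPA_CLIENT_ID = "constructed-spa-client-id"
SECRET = "constructed-demo-secret-0123456789abcdef"  # assumption: HS256, offline demo


def validate_access_token(token):
    """Return the claims if the token was issued for this API, else raise."""
    return jwt.decode(
        token,
        SECRET,
        algorithms=["HS256"],    # pin the algorithm; never take it from the header
        audience=API_AUDIENCE,   # token must have been minted for this API
        issuer=ISSUER,           # token must come from the expected issuer
        options={"require": ["exp", "iss", "aud", "sub"]},
    )


def check(token):
    """Map the validation outcome to a label, as a route dependency might."""
    try:
        validate_access_token(token)
        return "ok"
    except jwt.InvalidTokenError as exc:
        return type(exc).__name__


def make_token(ttl=300, key=SECRET, **overrides):
    """Build a constructed sample token; overrides replace individual claims."""
    claims = {
        "iss": ISSUER,
        "aud": API_AUDIENCE,
        "sub": "auth0|constructed-user",
        "exp": int(time.time()) + ttl,
    }
    claims.update(overrides)
    return jwt.encode(claims, key, algorithm="HS256")


if __name__ == "__main__":
    print(check(make_token()))                                   # access token for this API
    print(check(make_token(aud=SPA_CLIENT_ID)))                  # ID-token-style audience
    print(check(make_token(iss="https://accounts.google.com")))  # different issuer
    print(check(make_token(ttl=-60)))                            # expired
```

With RS256 signing, the key argument is the issuer's public signing key (PyJWT's `PyJWKClient` can fetch it from a JWKS URL) and `algorithms` becomes `["RS256"]`; the issuer and audience checks stay the same.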