Hi,
First of all, sorry if this question has been answered before. I’m sure you get many variations of this same question, but I couldn’t find an answer for myself.
At the moment, my SPA sends a request to my Node backend, which authenticates the user and sends an HTTP-only secure cookie back to my client. I’m looking to delegate my authentication flow to a provider like Auth0 so I don’t have to worry about security etc., as I’m concerned that my auth method is not the most secure. However, my app already has a great UI for user sign-up and logins.
After searching, I figured that the Authentication API is what I need.
But this is where my confusion begins. In the docs, specifically under the login section, there are 3 choices:
- Social - It will return a 302 redirect to the social provider specified in connection.
- Database - It returns a 302 redirect to the Auth0 Login Page that will show the Login Widget where the user can login with email and password.
- Enterprise - It returns a 302 redirect to the SAML Provider.
None of these login endpoints seem to provide what I need; it seems as though they all redirect to their own specific login widgets in order to authenticate.
My ideal authentication flow would be:
- User registers for an account on my app. Credentials are securely stored in my database and/or Auth0?
- User signs in to the app (SPA). Auth0 handles secure authentication via a request which returns a response that can determine whether the sign-in was successful / unsuccessful.
Any help pointing me in the right direction would be greatly appreciated!
Thanks.