Hope you are well. We at our company are considering using Auth0 for a rewrite of our application. I have done some quite extensive research on the approaches and flows, but would like to get your input.
So our current application is written in .NET Framework and Razor, serving up a server-side front-end.
The rewrite would consist of a SPA (Vue.js) for the front-end, .NET Core for the backend web API, and SQL Server as our database.
With this rewrite we wouldn’t like to change anything on the database side.
So I have read about the web flow, where Auth0 provides a login screen which would be used to authenticate the user and return an access token, which would then be used to validate authorized API calls.
The first problem I am encountering is here with login. For each of our clients (different domains pointing to server) we have a custom skin for the login page. So we would definitely want to use our own login screens since it will be dynamic. Unless there is a solution for this.
The other problem I have is that I want to use our existing user, userRoles and tenant database tables.
So with the research I did, the best solution was this:
Create one client Application on Auth0.
Create one API (machine-to-machine) on Auth0.
Use our own login screens.
The user would log in with their credentials, which would hit a login API on our backend.
The backend would validate the user against our database. If the user is valid, we would make a request (grant type = client_credentials) to get an access token.
The backend’s response to the login would include this access token.
This access token would then be used to make authorized API requests.
So currently this would be our approach. My questions for you are:
- In the context of our application, is it still necessary to use Auth0, or should I just use JWTs?
- Is the approach we are looking at the best approach for this situation?
- If there is a better way of handling this could you please provide me with the best approach, keeping in mind the strict restriction for our login screen skins.