I’m doing research on the options available for the auth flow that I have in mind, and I’m struggling a little to choose the correct way. Let me describe how and where it should work so you can give me your thoughts.
So let’s say I have a super simple backend which has an API secured by Auth0 middleware.
Now, I’ve got an app (let it be a browser extension, but it could be anything) where I’d like to implement my own login page. Imagine I have a simple HTML page with 2 inputs for login/password and an action button (“Login”). I don’t want the user to be redirected to the Auth0 landing/login page. I want their login data to be sent to the Auth0 authentication API and to get access/refresh tokens in the response. I don’t understand what the point of the callback URL is in this case, since the best option would be to have the tokens returned as a JSON response, and upon success I would manually use those tokens with my backend, store them and do whatever I want.