While choosing the best strategy for using Auth0 in an SPA without redirect I wonder which options I have.
Additionally, from the tutorial Configure your tenant for the new API Authorization flows I learned:
If you want to unlock the new API Authorization scenario, you will need to enable a flag under your Account Settings. This will allow you to opt-in and out of this feature at any point in time while it remains under preview.
Does this mean the feature will not continue to work under the free plan?
1 Like
The authentication protocols generally make use of HTTP redirects when it comes to authentication for web applications (including SPA’s). You could do the authentication process in a separate window/popup which means that the main application window will not actually be redirected (the redirects happen on the popup).
Additionally, if you maintain some sort of state before initiating the authentication and restore that state after the redirect you can provide a good UX while still following the general approach based on redirects. Having said that, there are approaches that with sufficient constraints could be implemented without redirects, for example a custom username/password credentials approach could work without requiring redirects but it may pose limitations in the overall authentication system.
Finally, in relation to your question pertaining the continued availability of the API section on the free plan, my suggestion is that if it’s not explicit in the Auth0 pricing page you may be better in using the TALK TO SALES option available at that page.
Are there any articles/blog posts that describe how to effectively use the popup window within the context of an Angular app?
You may want to take a look at this answer; it goes through using popup mode with Auth0.js library. The library has no UI nor dependencies to any particular client-side framework so integrating it with Angular should be simple.