I’ve been playing with Auth0 for a while in hope to learn and explore it.
My custom forms are ready but I’m not sure how I should be dealing with the process of registration. The documentation states it’s done by sending a POST request to /dbconnections/signup. However, the Management API also allows user creation.
There is also a dilemma of whether or not to use the React SDK here. We’re told to call the API directly:
Typically, you should consume this API through one of the Auth0 SDKs, such as Auth0.js, or a library like Lock. However, if you are building your authentication UI manually, you will need to call the Authentication API directly.
Why is that? Does React SDK not support custom UI & logic and direct calls to the API? Or is it a case of TMTOWTDI?
The React SDK is built for use with Universal Login and the Auth0 UI. That said, you could use a custom signup page to register your users, and the React SDK/Universal Login to log them in with the Auth0 UI.
There are certainly more then one way to do some things, like you’ve pointed out with user creation. The methods have different use cases, but there is going to be overlap.
Generally, the signup endpoint is for open signups and doesn’t require a valid token to create a user, whereas the management API endpoint should only be accessed by a trusted application (not a client side app).
Good questions, let me know if you have any others.
I designed a custom Classic Universal Login page (I think it’s Lock UI) with a slightly modified sign-in logic. It already had a template so the whole process didn’t take a long time. However, since it is required that the user provide their name, I had to do something like this:
function signupAndLogin(e) {
e.preventDefault();
e.submitter.disabled = true;
let user = Object.fromEntries(new FormData(e.target));
webAuth.signup({
connection: db,
...user
}, function(err) {
if (err) displayError(err, "signup");
else webAuth.login({
realm: db,
email: user.email,
password: user.password
})
e.submitter.disabled = false;
});
}
signup() was the only method that I found that could form such requests, but perhaps there is another one?
Also, it looks like it’s using the /dbconnections/signup endpoint?