I have a webapp I want to have authenticated via Auth0. Authorization isn’t what I’m looking for right now, just authentication. There is already an authorization system built into our backend.
I see there are Apps that you can create: SP apps, traditional websites, mobile apps, etc. and then there are APIs you can register.
I’m having a hard time understanding the difference between the two. In my case once the user had logged-in via Auth0 and received their tokens, my backend only needs to confirm the user’s identity and then the authorization layer takes over. Nothing needs to happen on the webapp itself. In fact the webapp could ignore all data in the tokens and simply pass them on to the backend, which is what it mostly does right now.
So which option do I go for? Do I Set Up an API? Do I Set Up a SP App? Where do I go from here?