I’m building a distributed system with various services across the board: several single-page applications (SPAs) built with React, a PHP Laravel API, and a couple of other serverless (AWS Lambda + API Gateway) APIs.
I am looking into making authentication as easy as possible (hence looking into Auth0), and I am just wondering how I would structure the apps/APIs within Auth0 (I am currently looking into the free plan).
The user flow should be the following:
- User visits a SPA
- The SPA is gated with Auth0; the user authenticates, and the SPA restricts content based on the allowed scope.
- The SPA can call the Laravel API using the user’s bearer token to access resources.
- If a serverless API needs to be queried in the background (the Laravel API calling the serverless API), it uses either the user’s (bearer) token or the caller’s (Laravel API’s) token.
How would you structure this? (How many apps, APIs, etc.?)
Is my understanding correct?
Any help is appreciated. Thanks!