Distributed workload - how to structure Auth0

Hi there,
I’m building a distributed system with various different services across the board. There are several single-page-applications (SPA) built with React. A PHP Laravel API and a couple of other serverless (AWS Lambda + API Gateway) APIs as well.

I am looking into making authentication as easy as possible (hence looking into Auth0) and I am just wondering how would I structure the Apps/APIs within Auth0 (currently looking into the free plan).

The user flow should be the following:

  1. User visits a SPA
  2. SPA is gated with Auth0, user authenticates and SPA is restricting the content based on allowed scope.
  3. SPA can call the Laravel API - using the User’s Bearer token to access resources
  4. If there is a serverless API to be queried in the background (Laravel API calling serverless API), it’s either using the user’s (bearer) token or it’s the caller’s (Laravel API) token.

How would you structure this? (How many apps, APIs etc.)
Is my understanding correct?

Any help is appreciated. Thanks!

Hi @falnyr,

Welcome to the Community!

This is a fairly common setup and you shouldn’t run into any huge roadblocks. You will want to register a separate app/client for each SPA and register a separate custom API for each of your backend APIs.

This doc gives a good look into how a single API and SPA interact, and gives a more general overview of the architecture before diving in.

If you feel like you have a solid grasp on it, most of our quickstarts (Angular quickstart, e.g.) provide code examples of how to protect routes on your SPA, and also provide an example of how to call a protected API.

Let me know if you run into anything,
Dan

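An added example (not code from the original thread or from Auth0's SDKs) of the checks each registered custom API should run on a bearer token before trusting it, showing why a token issued for the Laravel API's audience is rejected by the serverless API unless that API is also listed in `aud`, and why scopes are checked per API. It signs with HS256 and a constructed secret so it runs offline; Auth0 issues RS256 tokens by default, where a JWT library verifies the signature against the tenant's JWKS, and every issuer and audience URL below is a placeholder.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def make_token(claims: dict, secret: bytes) -> str:
    # Constructed helper standing in for the Auth0 authorization server.
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [_b64url_encode(json.dumps(h, separators=(",", ":")).encode()) for h in (header, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_hs256(token: str, secret: bytes):
    # Returns the claims only if the signature is valid; rejects alg=none and alg confusion.
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header = json.loads(_b64url_decode(parts[0]))
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
        return None
    return json.loads(_b64url_decode(parts[1]))


def authorize(claims: dict, issuer: str, audience: str, required_scope: str, now=None):
    # Each API checks that the token was minted by its tenant, FOR this API, is unexpired,
    # and carries the scope the route needs. Same user token, different answer per audience.
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        return False, "issuer mismatch"
    aud = claims.get("aud")
    aud_list = [aud] if isinstance(aud, str) else (aud or [])
    if audience not in aud_list:
        return False, "audience mismatch"
    if claims.get("exp", 0) <= now:
        return False, "expired"
    if required_scope not in claims.get("scope", "").split():
        return False, "insufficient scope"
    return True, "ok"
```

A Laravel-to-serverless call either forwards a user token whose `aud` includes both API identifiers, or uses a separate client-credentials token minted for the Laravel API's own client; in both cases the serverless API runs the same `authorize` check against its own identifier.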