Hi everyone,
I’ve joined a team where they had auth0-js + auth0-lock set up on an Angular application. My boss asked me to audit the bundles, and both Auth0 libraries dramatically increase the vendor bundle. I suggested getting rid of those and placing everything on the backend (we do have a backend) so it would improve security (do you guys trust the browser?) and globally improve performance. I think I’ve never seen Auth0 implemented on the client, and I have read a lot of articles saying it wasn’t the best approach (though SDKs and libraries are available), but the backend really insists on keeping it on the client.
So, my question is pretty simple, but I’d love to have a serious answer with pros and cons: if you could decide where to put the authentication, would you go frontend or backend?
Thank you.