Getting Started - need some general guidance SPA + AWS APIGATEWAY

Hi folks, I’m a pretty experienced dev in a lot of ways, but new-ish to Auth0.

My idea is to create a SPA app which will run on S3 to start, and eventually an HTML-based phone app (like Cordova or Ionic) which will pull the strings on an AWS API gateway.

From what I can gather, I’ll need to have a SPA application, and the authentication token on this application will probably also be shared with API gateway custom authorizers that share the same client ID.

So, a user will authenticate via a static SPA type architecture (like the Gatsby example I’ve found) and then pass through the bearer token also along with the API gateway requests, which will parse the same token. Is that the right basic idea?

I went through their API gateway custom authorizer tutorial, but it stops before it gets to the SPA section so the marriage of the 2 is where I’m getting hung up.

Thanks!

If you have an API gateway - this can be seen as a single API - you may be able to use the Auth Code Flow. With this flow, the SPA never sees the access token; it lives in the API.

Otherwise, you’ll use Auth Code + PKCE. This passes the access token to the SPA which then passes it on to the API.

Does this help?

John
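The pattern discussed above, where the SPA sends its access token as a bearer token and an API Gateway custom authorizer validates it, as an added example that is not part of this thread or of Auth0's tutorial. The issuer, audience and function names are assumed placeholders, and the signing key is passed in as a PEM string rather than fetched from the issuer's JWKS.

```javascript
const crypto = require("crypto");

// Assumed placeholders: use your tenant's issuer URL and your API's identifier (audience).
const ISSUER = "https://example-tenant.example.com/";
const AUDIENCE = "https://api.example.com/";

const decode = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

// Verifies an RS256 JWT against a PEM public key, then checks iss, aud and exp.
// Returns the claims, or throws with the reason the token was rejected.
function verifyAccessToken(token, publicKeyPem, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  // Pin the algorithm: the token's own header must not choose it ("none", HS256 confusion).
  if (decode(h).alg !== "RS256") throw new Error("unexpected alg");
  const ok = crypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), publicKeyPem, Buffer.from(s, "base64url"));
  if (!ok) throw new Error("bad signature");
  const claims = decode(p);
  if (claims.iss !== ISSUER) throw new Error("wrong issuer");
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(AUDIENCE)) throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  return claims;
}

// Builds the response shape API Gateway expects from a Lambda authorizer.
function policy(principalId, effect, resource, context = {}) {
  const Statement = [{ Action: "execute-api:Invoke", Effect: effect, Resource: resource }];
  return { principalId, policyDocument: { Version: "2012-10-17", Statement }, context };
}

// TOKEN authorizer logic: event.authorizationToken carries the Authorization header value.
function authorize(event, publicKeyPem, now) {
  const match = /^Bearer ([\w-]+\.[\w-]+\.[\w-]+)$/.exec(event.authorizationToken || "");
  try {
    if (!match) throw new Error("no bearer token");
    const claims = verifyAccessToken(match[1], publicKeyPem, now);
    // Context values reach the backend integration, e.g. for a whoami endpoint.
    return policy(claims.sub, "Allow", event.methodArn, { scope: String(claims.scope || "") });
  } catch {
    return policy("anonymous", "Deny", event.methodArn);
  }
}
```

In a Lambda deployment the exported handler would call `authorize(event, key)` with the key loaded once outside the handler.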

Yea I think just having those 2 names for patterns will help. I’ll keep looking into it.

If you have examples I should check out for either of these patterns, I’ll be sure to review them. So far I was able to get AWS Cognito working with help of some examples, but I had challenges with Auth0 and wasn’t able to get a trial flow working. I’m most interested in standard user/password logins along with support for GitHub federation (will be a tech app).

It will be a SPA (static) using React. I think having API gateway “single API” as you said would work. The only reason I would need/want anything from Auth0 would be to only allow authorized users to view the internals of the app along with whoami details like name/account ID, which I could receive I’m sure from an API endpoint to populate that data.

Thank you!

For examples, try our Quickstarts. Create a React SPA application/client in your dashboard and it will walk you through the quickstart.

John