I have worked out the asymmetric (RS256) Auth0 scheme for:
Google login -> React SPA -> API
This works well. However, for this small store site I have a customer requirement to handle “anonymous” purchases. As in, a customer can order from the site, the transaction is handed off to PayPal, and the store keeps no user information at all, so no order history, etc.
Without some sort of login to auth with, how should I authenticate the React/API communication? I have several ideas but I am wondering what best practice is.
Edited: meant to state RS256…