Hello,
Not entirely an Auth0 issue but hoping someone can help!
I have an app that uses Auth0 as the login provider and can login through multiple providers - Facebook, LinkedIn, Google, MS and Apple. This all happens client-side and I get the id and access tokens from the relevant service. No errors.
My app then connects to Azure App Services using the Microsoft.WindowsAzure.MobileServices API
I use this to create the connection to the service:
client = new MobileServiceClient(https://mycompany.azurewebsites.net);
The app can then sync data between the local SQLite db and my Azure SQL db.
This all WORKS, no errors.
PROBLEM - the endpoint https://mycompany.azurewebsites.net is set with anonymous access and is not secured.
I can enable App Service Authentication and implement something like this for most authentication services, passing in the already-received tokens from login:
task = Task.Run(async () => await client.LoginAsync(MobileServiceAuthenticationProvider.Facebook, AccessToken));
user = task.Result;
This is fine for MS, Facebook and Google authentication BUT there is nothing in the API for LinkedIn or Apple.
Apple certification requires and Apple login IF other provider login choices are also made available to the user.
Question:
How can I secure the Azure App Service in Node.js to accept an app ID and or password or token that I can supply from the client side as constants to simply allow generic but somewhat secure access to this URL: https://mycompany.azurewebsites.net and NOT have this set with anonymous access?
Can anyone please shed light on this?
This is a major block in final progress with the app.
Thank you