We use auth0-react for our front-end UI and node-auth0 for our back-end. The front-end passes an access token to the back-end to authenticate and authorize any operations.
We only use the session capabilities provided by Auth0 via auth0-react; our system has no separate implementation of “session”.
We would like the back-end to forbid access after a user has logged out.
As per the Knowledge Article “Invalidating an Access Token after User Logout”:
This is why an Application should be configured to check Auth0’s session.
What are some ways that our back-end can check Auth0’s sessions?
I tried using node-auth0’s SessionsManager via ManagementClient (docs), but that seems to only be available on the Enterprise tier.
Thanks!
SDK Versions:
auth0-react: 2.2.4
node-auth0: 4.16.0