How to integrate auth0 with an SPA that has a backend

ebramsherif · May 9, 2019, 3:47pm

Hello,

So i will quickly list the current requirements and what we have. We already had an auth solution that we wish to replace with auth0

SPA that has been using JWT access tokens for authentication
We have a backend (node express) for that SPA. The backend is an api gateway so basically the SPA does not communicate directly to the auth provider, but the backend authenticate on behalf of the user using the SPA and then sends back the token to the SPA to store it there. (The backend kind of acts as a proxy)
We have our own custom login page (it will be necessary to not use the one provided by auth0)
Once authenticated, the SPA sends the token every time in an authorisation header and the backend checks the authenticity of the token, hence protecting the other APIs this backend has to redirect to.
The frontend (sadly) is storing both the access and refresh tokens but we hope there is a way to not do so with auth0

At this stage i am not sure where the Auth0 integration should happen and which start guide to follow

dan.woda · June 12, 2019, 6:21pm

Hi @ebramsherif,

Thanks for joining us in the Auth0 Community, and I apologize for the delayed response.

You can setup a secure session via a cookie between the SPA and backend, and store the tokens on the backend. This is a more secure solution than having the tokens stored in the SPA.

If you desired to continue to use tokens in the SPA that can be done too. In fact, you can do full authentication from your SPA if desired, using the implicit flow.

This doc will introduce you to the concepts of custom UI login at Auth0, and what that will require. There are some pros and cons, and they are laid out in that doc.

If you wanted to get started and check out an example, take a look at our backend quickstarts.

Let me know if you have more questions.

Thanks,
Dan