So I will quickly list the current requirements and what we have. We already had an auth solution that we wish to replace with Auth0.
- SPA that has been using JWT access tokens for authentication
- We have a backend (Node Express) for that SPA. The backend is an API gateway, so basically the SPA does not communicate directly with the auth provider, but the backend authenticates on behalf of the user using the SPA and then sends back the token to the SPA to store it there. (The backend kind of acts as a proxy.)
- We have our own custom login page (it will be necessary to not use the one provided by Auth0)
- Once authenticated, the SPA sends the token every time in an authorisation header and the backend checks the authenticity of the token, hence protecting the other APIs this backend has to redirect to.
- The frontend (sadly) is storing both the access and refresh tokens, but we hope there is a way to not do so with Auth0.

At this stage I am not sure where the Auth0 integration should happen and which start guide to follow.