hello @john.gateley
In my scenario I have to get the username & password using Postman,
then receive these credentials in the Express app and make a call to the Auth0 server to authenticate this user.
In the response I want to set access_token & refresh_token in cookies and send a response object to Postman including the user info with role details.
Thanks John,
but my application flow is:
→ frontend (Flutter mobile app)
→ backend Node.js (Express)
There are different roles like super_admin, restaurant_owner, restaurant_manager, restaurant_staff.
I have to authenticate all actors against the Auth0 server via an Express login API that will make a request to the Auth0 server and return access_token and refresh_token.
On return, Express will set these tokens as cookies; after that we have to authorize all requests to access the other Express APIs.
There are many drawbacks to the approach you are taking. You can do it, via ROPG, but there are many security issues with it.
Instead, you should use the Auth Code + PKCE flow, have the front end redirect to Auth0 for authentication, etc. This is the industry-standard approach.
If the front end also calls APIs other than the backend, then use Auth Code + PKCE.
If the front end is ONLY communicating with the backend, then you can use Auth Code.