Hi @nayan,
Welcome to the Auth0 Community and sorry for the late reply.
You are still able to use the above mentioned documentation even though you do not have a pre-configured backend API, since the data is being transferred using a signed session token, so that:
The token will be validated to ensure that:
- The signature is valid.
- The token is not expired.
- The state claim within the token matches the state parameter used as part of the redirect.
This Knowledge Article provides more information.
However, as mentioned in our docs as well, passing information back and forth in the front channel might open up surface area for bad actors to attack, so that is why a backend is recommended for sending information securely.
Another option would still be using the AuthorizationParams from the React SDK if you want to send custom parameters to the Authorization Server. This community post explains the details :
I hope this helps your use case, but others as well.
Thanks,
Remus