I would like to implement a login with email/password on my SPA website.
I want a user to fill out the form directly on my website and submit it without redirections and popups.
As I understand I should you “Embedded login”. I checked the docs, it offers me 3 options:
Use Lock
Use Auth0.js
Manullay call Authentication API
As I understand, the only option that fits my needs is the 3d.
i.e. I should call auth API manually (Resource Owner Password Grant).
The only problem is that I don’t understand how to keep a user logged in after the access token expires.
Is there a session involved here so I can request a new access token without asking for user credentials?
Can you help me understand why you think calling the API directly is your best approach?
When using the Auth0 Authentication API directly, you can manage user sessions by leveraging refresh tokens, which allow your application to maintain authentication without needing the user to re-enter credentials.
I would like to avoid any redirections and popups on my website. Auth0 Lock has popups and redirects, and Auth0.js has a redirect as well. Only calling API directly (Resource Owner Password Grant) seems to be a perfect solution, because it doesn’t lead to any redirects