Let’s say it allows the users of those websites to do some math calculations. So, the end-user is not my user. They are my customers’ users.
The customer websites must purchase the widget in order to use it in their website.
how can I protect the library? How can I authenticate my client-side customers?
Of course, we don’t want the end-user to do any logins. That should not be their concern.
Also, I don’t want un-authorized websites (that has not purchased the lib) be able to use it.
One simple solution would be creating an API key for each customer. The JS widget sends it back to my server for authentication and will work only if the API key is valid. But then anyone can use that API key since it’s on the client-side JS code.
Can Auth0 be used for this purpose?