I have a SPA React app and an expressjs API.
I would like to identify the user accessing the API using their email address. I found out how to do this using actions. However, this is not available in the free version so we would like a different method.
The alternative I found is using passport to keep a session with the user data. But this I don’t understand. Does implementing the authentication like this use a completely different flow than the Authorization Code Flow? As I understand it, this forces all login requests to happen through the API. But I find this to be a bit clunky. And can I still use the Auth0Provider for React if I use this flow?
Concretely: are actions and passport the only way to get email data in the API? And, am I understanding it correctly that I would need to use a completely different flow?