Hello Auth0 Community,
I’m planning to implement Auth0 as an authentication system for our application with the following requirements:
System Architecture:
- Application backend hosted on AWS
- React client applications running on terminals within our on-premises network
- Connection between on-premises and AWS via Direct Connect
- mTLS is mandatory for all client-to-AWS communications
- Authentication using username/password only (no external IdP integration yet)
Current Challenge: Since mTLS is only available in Auth0’s Enterprise plan (which we’re not using), I’ve set up the following workaround:
- Deployed a reverse proxy on AWS pointing to https://{AUTH0_DOMAIN}/
- All client-to-Auth0 traffic routes through https://auth.ourapp.com/ (resolved via Private Hosted Zone)
- Planning to implement login forms using Embedded Login
However, I’ve encountered these implementation issues:
- auth0-spa-js only supports Universal Login
- For auth0.js implementation, I’m unsure if PKCE with authorization code flow can be used with Embedded Login (Reference: Customize login page when using Authentication API with PKCE - #10)
Questions:
- Is it possible to use Universal Login with our reverse proxy setup?
- If implementing with Embedded Login, what’s the most secure approach?
- Are there better alternatives for using Auth0 in an mTLS environment that I haven’t considered?
Any guidance would be greatly appreciated.
Thank you!