I’m using Node and Express for the backend of a mobile app (Flutter).
I’d like all authentication REST facing the client to be auth0’s, since they can handle attacks and security in general much better than me.
Sign Up -
- Client sends a request to a signup endpoint on auth0’s server, with custom fields in addition to the existing ones.
- On authentication success, auth0 sends an s2s to a signup endpoint on my server with the signup data, as well as a JWT token containing the auth data.
- Auth0 incorporates the data responded from the signup endpoint on my server into the response to the client.
Sign In - Same as Sign Up basically, except there’s no need to accept custom fields from the client.
If such a flow is possible, can you please refer me to the relevant docs? Example implementations in node/express would be much appreciated as well.