I’m considering building my customer web system with the following components:
- WordPress and React SPA as a website under the same domain.
- UserManagement API backing the website.
- All components are authenticated by Auth0.
And this system will update its own userinfo with the following process. Is there anything wrong from a security viewpoint?