Mobile app: server side authentication

Our mobile apps have to support multiple different authentication (old and custom) processes. To avoid cluttering the client code we have moved all authentication to the server side. Now that we are adding Auth0 to the mix, is there any reason why we could/shouldn’t use the REST API on our server to authenticate with Auth0?

Thank you.

G Ricker

Hi George,

First, this sounds pretty complex. I suggest considering using Auth0’s Professional Services for help with this. We could help unclutter the situation.

If I understand, your client does Resource Owner Password Grant to your server (the client passes the username and password to the server), and then your server does ROPG to various IDPs on behalf of the client. Correct?

The ROPG is not recommended: https://oauth.net/2/grant-types/password/

Auth0 does support ROPG. I think, though, taking a different approach may improve the situation.

John

Thank you. This is good information and the reason I asked in the first place. I have to go back and see what options I have available. If we use the SDK on the client I think it’s possible to use our current login page instead of the default one offered? Even modifying the default was not sufficient; I need to use the current one we have.