We’re moving our applications to Auth0 with SSO using the hosted login page etc. We will also be moving towards SPAs and microservices, so it’s expected that some SPAs will need to access multiple services (multiple APIs). Furthermore, we want to be able to make our apps multilingual, including the login page and the consent dialog.
In this scenario, I have come to understand that we should probably use a single Auth0 API config and use scopes to control access to the various API endpoints. Otherwise each SPA will need to authenticate once per API (= once per audience). Right?
Fine, but… I understand that the consent dialog parses the scope IDs and expects them to follow a “verb:resource” pattern, in which case the consent dialog shows [Resource]: [verb] your [resource]. First, I’m not sure we will be able to fit all our scopes into that pattern. Second, how is translation handled?
If we specify language: 'sv' for the lock widget in our hosted login page, will the consent page also be shown in Swedish?
But it won’t be able to translate [verb] and [resource], right? So it would result in some mixed-language message like [Resource-in-english]: [verb-in-english] din [resource-in-english] (“din” = “your” in singular, plural would be “dina”, which itself would be problematic).
If we opt to use scope descriptions for the consent dialog, we can use any scope naming pattern we like, but there doesn’t seem to be any way to provide scope descriptions in multiple languages. Or how would we accomplish that?
Finally, I see in the hosted login page template that it extracts some language info from @@config@@. I have deduced that extra URL params will end up in config.extraParams. But the template extracts language settings from config.dict:
    var languageDictionary;
    var language;
    if (config.dict && config.dict.signin && config.dict.signin.title) {
      languageDictionary = { title: config.dict.signin.title };
    } else if (typeof config.dict === 'string') {
      language = config.dict;
    }
Where do we configure what ends up in config.dict? We’re using Auth0.js in the SPA, so examples based on that would be welcome.