Hi guys,
I am new to the Auth0 platform and building web apps in general.
The issue I am facing is that I have no idea about what kind of authentication I need.
I checked out the quickstarts but they confuse me further!
So here’s my application setup:
- I have a node/express server that has all my API/db stuff on it!
- I have a webpack server that has all my react stuff on it
I am building a SaaS application and I can’t figure out how I should authenticate my users.
Should I authenticate using the express API or the react frontend?
According to my understanding of the quickstart, I am supposed to use both the Single page app quickstart and the API/backend quickstart.
It will be really appreciated if you guys can help me out .
Hey there,
Let me see if I can help demystify this a bit. When creating an application such as yours there are two components: the client (your react application) and a resource server (your express API). Without knowing much about your design details I am going to assume the express API is a RESTful service and the React application is a SPA without a server-side logical component. With this in mind, here is how I would approach this:
When authenticating users your client (react app) needs to know who the user is from the authorization server (auth0). Also, your client (react app) wants to be able to talk to your resource server (express API) on behalf of the user. When the client talks to the API it needs to provide a token letting the API know what it is authorized to do.
In other words you need to authenticate your users with your react application and request an access token for your API. To do this in Auth0 I would recommend:
- Have your react application authenticate the user via Implicit Grant flow requesting an access_token and id_token. You can see how this works with any of our SPA quickstarts.
- After you authenticate your users the react application will send the access_token as an Authorization header to your express API. In the API you would need to validate the JWT and enforce the authorization policy.
Let me know if this helps out.
Shawn