We have an existing API service that we started building a few weeks ago. We’re about to kick off the frontend development using Next.js soon.
We looked at the example projects and docs of the Next.js Auth0 lib, and it seems all the examples require an API service (/api/auth/[...auth0].js) to handle auth on the backend of the Next.js project.
Is there any way to use Next.js with Auth0, but only the frontend side of it (similar to a plain React app)? We don’t want to use the API service feature of Next.js (just because our API service is already built and lives on a production infrastructure).
Note: We tried to mimic the React project, but it seems we were trying to hack it, and thus we couldn’t get it right.
As @felix3 has mentioned in their reply, their approach to the issue at hand is quite valid. This was also confirmed by one of my colleagues, as mentioned here:
This is safe because the Next.js SDK is used for Regular Web Apps (RWA), which are private clients and can securely store secrets, specifically the client_secret. This is completely safe.
We do recommend short-lived access tokens, but be cautious of hitting rate limits. It is possible to cache API Access Tokens, which I’ll link here: Caching Management API Access Tokens in Login Action. This can help with using the same token instead of always getting a new one and can be done using actions.
If you have any other questions, feel free to leave a reply or post again on the community!
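
The token reuse described in the reply above, as an added example that is not part of the original thread and is not Auth0's code: a server-side in-memory cache that keeps one access token until shortly before it expires and shares a single token request between concurrent callers. The names `createTokenCache`, `fetchToken` and `skewSeconds` are hypothetical; `fetchToken` stands for whatever call your backend makes to the token endpoint and is assumed to resolve to `{ access_token, expires_in }`.

```javascript
// Added example: cache a short-lived access token on the server so repeated
// calls reuse it instead of hitting the token endpoint (and its rate limit).
// fetchToken is a caller-supplied async function (hypothetical name) that
// resolves to { access_token, expires_in } as an OAuth 2.0 token response does.
function createTokenCache(fetchToken, { skewSeconds = 60, now = () => Date.now() } = {}) {
  let cached = null;   // { token, expiresAtMs } once a token has been stored
  let inFlight = null; // promise shared by callers while a request is pending

  // Treat the token as expired skewSeconds early so a request is never sent
  // with a token that lapses while in transit.
  function isFresh() {
    return cached !== null && now() < cached.expiresAtMs - skewSeconds * 1000;
  }

  function getToken() {
    if (isFresh()) return Promise.resolve(cached.token);
    if (inFlight) return inFlight; // single flight: one token request at a time

    const request = Promise.resolve()
      .then(fetchToken)
      .then((res) => {
        if (!res || typeof res.access_token !== "string" || !(res.expires_in > 0)) {
          throw new Error("token response missing access_token or expires_in");
        }
        cached = { token: res.access_token, expiresAtMs: now() + res.expires_in * 1000 };
        return cached.token;
      });

    // Failures are not cached: once the request settles the slot is cleared,
    // so the next caller retries.
    inFlight = request.finally(() => { inFlight = null; });
    return inFlight;
  }

  // clear() drops the stored token, e.g. after the API answers 401.
  return { getToken, clear: () => { cached = null; } };
}
```

Keep the cache in server memory only; the token and the client_secret used to obtain it should never reach the browser.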