React app, Drupal backend, SSO

We are having trouble figuring out how to get a React app to use Auth0 when establishing a session with Drupal. We want React’s calls to Drupal’s REST emdpoints to use the user roles from the Drupal session. We think having the App authenticate to Auth0, then use SSO to acquire a Drupal session would be the right architecture, but we aren’t sure on how to implement this. Advice?

--------'x
Details
We want to use Auth0 for login for a React app with headless Drupal: We have to support phone number +OTP as well as email+password, and we want to have some users be able to login to other D8/9 sites in the ecosystem/federation.

The question is: How to use Auth0 for a React App authenticating to a headless Drupal site?

We have Drupal 8 configured to use Auth0 for login based on the Auth0 supported module (https://www.drupal.org/project/auth0). It works fine from a browser but we can’t see how to get it to work from React app.

Our objective is similar to https://github.com/auth0-community/auth0-drupal/issues/163.

We have separately built a React app to provide a login interface with the help of this documentation https://auth0.com/docs/quickstart/spa/react/01-login that logs in directly to Auth0, and this works fine.

Auth0 provides a single sign-on that presumably should allow the App session to be carried over to a Drupal session, I believe using a JWT token. We are unsure how to get this to work and would like advice.

In terms of having the React app login to Drupal and use the Drupal session when making calls to the API, we have had success with using the OpenID Connect module but not with Auth0…

We believe we need to use a JWT access token to do a SSO login to Drupal 8.

Alterntively we can have the React app talk to Drupal8’s Auth0 module, get rediected to Auth0, do the login with email password or phone# + OTP, then get returned to Drupal8 site and return to the React app with a Drupal user session.