Our requirements have moved beyond the Universal login and now we want to implement a custom signup/login UI using the Authentication API (https://auth0.com/docs/api/authentication).
We use a Vue.JS front end and Spring boot backend. The plan is to wrap the Authentication API endpoints in the backend.
We want to understand what the security considerations are before doing this? Specifically, if we go down this route, are we sacrificing any security measures that were in place in the Universal login implementation? Have examined the docs but aren’t sure yet.
Also, it’s important to note that universal login essentially means redirect-based login, and doesn’t necessarily mean you are using Auth0’s UI. You can create a fully custom (bring your own HTML/CSS) login page and still be using Universal Login. The opposite would be an embedded login form.