Secure custom UI login with the Authentication API

Our requirements have moved beyond the Universal login and now we want to implement a custom signup/login UI using the Authentication API (Authentication API Explorer).

We use a Vue.JS front end and Spring boot backend. The plan is to wrap the Authentication API endpoints in the backend.

We want to understand what the security considerations are before doing this? Specifically, if we go down this route, are we sacrificing any security measures that were in place in the Universal login implementation? Have examined the docs but aren’t sure yet.

Hi @ben18,

Welcome to the Auth0 Community!

Our docs are pretty extensive when it comes to the risks of the different styles of login, this doc in particular: Centralized Universal Login vs. Embedded Login

Also, it’s important to note that universal login essentially means redirect-based login, and doesn’t necessarily mean you are using Auth0’s UI. You can create a fully custom (bring your own HTML/CSS) login page and still be using Universal Login. The opposite would be an embedded login form.

This doc explains how to use Universal Login and your own UI: Customize Classic Universal Login Pages with Lock or SDK