i’m pretty new to Auth0 so please excuse my simple questions.
I have a pretty similar application you explain in the SPA Article ExampleCo timesheets which I secured till now with php/HTTP Authentication. I set up the Auth0 Environment and the login etc. works pretty well. My question is: How do I restrict the access to the SPA/Application itself to permitted users? It seems to me that the SPA is open for all logged in users, only the APIs are secured by rules/permissions of the users.