Secure SPA/application itself?

Hello there
i’m pretty new to Auth0 so please excuse my simple questions.
I have a pretty similar application you explain in the SPA Article ExampleCo timesheets which I secured till now with php/HTTP Authentication. I set up the Auth0 Environment and the login etc. works pretty well. My question is: How do I restrict the access to the SPA/Application itself to permitted users? It seems to me that the SPA is open for all logged in users, only the APIs are secured by rules/permissions of the users.

Best regards

Hey there!

Sorry for such delay in response! We’re doing our best in providing the best developer support experience out there, but sometimes the number of incoming questions is just too big for our bandwidth. Sorry for such inconvenience!

Do you still require further assistance from us?