Hope you are doing well. I have implemented Auth0 in my application, and I want to know whether it is the best approach. My use cases were:

* Login using email and password
* Social login using Google and Facebook
* Sign up using email. The user will enter an email, it checks if it exists, then takes you to the password setup page
* Forgot password flow: the user enters an email, then an OTP is sent to the email, the user confirms the OTP and is taken to the reset password page

Now everything I am handling on the frontend. The problem is I have created 3 applications to handle all use cases. The reasons behind this are:

1. Initially I created an SPA because I was working on a React app, but when I tried to send an OTP by email, it did not support that.
2. For that I created another application, a regular application, which supports the email part. But neither supports checking user existence in the DB or password update.
3. For that reason I created a management application.

Now I think that's not the right approach. Can you please suggest a proper solution which will help me to fulfil all use cases? I have a subscribed account too.

Knowing all this, I need your assistance on how I can use Auth0 in the proper way. I can move my code to the backend too, as right now I am doing everything on the frontend. I just need proper guidance, as I have to use the Auth0 access token for accessing my APIs too. I really appreciate your answer.
Generally I would recommend taking a look at our Universal Login documentation, as it does touch on the points that you mentioned, but let me try and break down and provide some useful info/documentation on your topics:
* Social login with Google and Facebook: the identities of these users will be managed by their respective IdPs.
* User signup and login with email/password combination: you can set up a Database Connection to store and manage your users.
* Forgot password flow with OTP: at this moment, I believe there is no way of enforcing an MFA challenge before the password has been changed, but you can accomplish this after the change using Actions. One scenario would be to use the Post Change Password Flow in order to add metadata to the user to flag that this change has happened. On the next login, you could use another Action to check that flag/attribute and, if true, prompt for MFA during the login flow.
Once the application has been configured, you will need to enable at least one Database (regardless of the type) in order to allow the users access to the application. Actions such as resetting the users' password or managing their profile attributes are done on the Database side, so it should not interfere with the application.
You can find more information on how to get and use the Access tokens to complete the circle.
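
One way to write the login-side Action from the "flag, then prompt for MFA" suggestion above, as an added example that is not part of the original answer and is not Auth0's own code. The key `mfa_after_password_change` is hypothetical and is assumed to be set to `true` in `app_metadata` by the Post Change Password Action; `app_metadata` is used because users cannot edit it themselves, and `fakeApi` is a constructed stand-in for the Actions `api` object.

```javascript
// Hypothetical app_metadata key, assumed to be written as `true` by the
// Post Change Password Action (for example through the Management API).
const FLAG = 'mfa_after_password_change';

// Returns 'skip', 'challenge' or 'cleared' so the decision can be checked.
function enforceMfaAfterPasswordChange(event, api) {
  // Password changes only exist for database connections (strategy "auth0");
  // Google and Facebook identities are managed by their own IdPs.
  if (event.connection.strategy !== 'auth0') return 'skip';

  const meta = event.user.app_metadata || {};
  if (meta[FLAG] !== true) return 'skip';

  // Clear the flag only once this session shows a completed MFA, so an
  // abandoned challenge leaves the flag set for the next attempt.
  const methods = (event.authentication && event.authentication.methods) || [];
  if (methods.some((m) => m.name === 'mfa')) {
    api.user.setAppMetadata(FLAG, false);
    return 'cleared';
  }

  // Flag is set and no MFA yet in this session: require a challenge.
  api.multifactor.enable('any', { allowRememberBrowser: false });
  return 'challenge';
}

// Entry point in the shape the Post Login trigger expects.
async function onExecutePostLogin(event, api) {
  enforceMfaAfterPasswordChange(event, api);
}
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;

// Constructed stand-in for the Actions `api` object; it only records calls
// so the logic can be exercised outside Auth0.
function fakeApi() {
  const calls = [];
  return {
    calls,
    multifactor: { enable: (p, o) => calls.push(['mfa', p, o.allowRememberBrowser]) },
    user: { setAppMetadata: (k, v) => calls.push(['meta', k, v]) },
  };
}
```
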