Should the Callback be set to the frontend SPA or to the Backend?

clair.sebastian · August 5, 2021, 7:50am

Hi there.

The premise :: We would like to implement SSO between our 2 SPA’s(one in AngularJS the other in Angular) the backends are implemented in Golang. I have some confusion on where the callback for login should be implemented.What is the best practice around this.

Can the callback url be to the backend, and once the token is received the backend redirects to the frontend. Will auth0 send the referrer url along with the request to callback url in this case?

Or If the callback url is directed to the frontend, then the access token received from auth0 needs to be send to the backend for every request. The API would use its secret to validate the token with auth0, and if valid, would return a 200 response.

Thanks

vb1 · August 5, 2021, 9:59am

It would make more sense for the callback to be directed to the frontend.
Then you pass the access token in every request.
The upside is that if if you use a JWT as a token your backend only need to verify its signature and then it can trust its content (permissions etc …). So your backend doesn’t needs to talk to auth0 at all except at boot time usually to fetch the public key of your auth0 instance.

Topic		Replies	Views
Does authentication belong to frontend or backend? Help auth0 , spa	1	8945	November 14, 2019
Confused on how to implement this architecure Help auth0 , angularjs	4	3572	October 16, 2019
Universal login and @auth0/auth0-spa-js vs @auth0/auth0-angular Help login-experience , new-universal-login-experience	2	534	January 4, 2024
Auth0 post request to /callback url Help connections , saml-enterprise-connection	1	738	December 21, 2023
How to continue a session after authentication with Auth0 on the front-end and back-end Help jwt , auth0 , login	2	2513	October 18, 2021

Should the Callback be set to the frontend SPA or to the Backend?

Related Topics