Auth0 Home Blog Docs

Simple In-App Signup Without Universal Login

Hello,

We are currently exploring auth0 as a identity management solution for our business. However, I am finding auth0 and its surrounding documentation to be incredibly obtuse and unclear.

In our flow, we have a simple signup form, i.e.
Email: __________________
Phone: _________________
Password: _____________

For business, legal, and technical reasons, we CAN NOT want to take the user to the universal login/account creation for signup. We must use our own in-house form rolled by our engineers in React JS.

I’m struggling to understand if this is possible or what steps would be involved. After looking at https://auth0.com/docs/api-auth/tutorials/password-grant, I have tried the following flow:

  1. Upon user creation within our system, we make an API call to create user in auth0 database connection, registering their email and password in the DB.
  2. When the user fills out their login info on our form, we call the /oauth/token endpoint with this payload:
  {
    grant_type: 'password',
    username: email,
    password,
    client_id: getEnv('AUTH0_CLIENT_ID'),
    client_secret: getEnv('AUTH0_CLIENT_SECRET'),
  };

We then receive a JWT access token from auth0.

However…according to the docs, and my general feeling, this is intended for API access and not general user validation within your API. I’ve noticed strange things that totally break our existing passport/JWT integration, such as the audience field returning the CLIENT_ID and not the actual audience (seriously, what gives? this breaks any normal JWT-based auth flow)

Any help in clearing the fog here would be much appreciated.

Hi @william2,

Welcome to the Auth0 Community!

So, it sounds like you are interested in embedded login. I would take a look at this example if you haven’t already had the chance to. It will have some informational value.

Familiarize yourself with cross origin authentication.

In regards to the audience, what are you wanting to have returned there instead of client_id?

Thanks,
Dan