Thank you for your response.
That’s correct, there are already two applications there. However, to clarify, the API Explorer Application must be a Machine-to-Machine application type and generally left the way it is. It is used for the Auth0 Management API.
The Default App could be used and configured for your application, but I leave it alone because the Default App name is not very meaningful.
Instead, I recommend that you create a third application using the Create Application button, give your application a meaningful name, select Single Page Application as your application type and, press Create.
While you’re still in your new application, be sure to scroll down in the Settings to Allowed Callback URLs and Allowed Logout URLs and include the necessary callback URLs. See here for more details.
Once that is complete, you have completed the configuration for your Auth0 SPA Application.
Now, keep a note of the following properties:
- Client ID
- Client Secret
- Allowed Callback URL
These values are needed to set up your configuration variables in your Heroku environment setup.
Now, to create your whitelisted users you can navigate to Dashboard>User Management>Users and press on the Create User button. From here, create those users individually, making sure the connection is set to the Username-Password-Authentication connection.
Double-check that the Username-Password-Authentication has Disable Sign Ups enabled. After doing so, you will have created an isolated Database for your users.
Lastly, you may not want to allow this DB connection to authenticate on other applications. To restrict access to only your new app, go to the Username-Password-Authentication connection > Applications and disable other applications.
I hope this helps! Please let me know how this works for you.