Hi,
I have a React SPA and a HapiJS (Node) API.
I’ve managed to get authentication working on the React app, by following the built-in guide on the Auth0 dashboard. I haven’t got authorisation working on the API yet but I think that’s mostly on my end, so would be doable.
I was trying to set up environment variables on the React app when I was reminded that values won’t be secret on an SPA.
Whilst I assume this has already been thought of and that exposing the client ID and domain may not be the end of the world, I would still like to handle everything on the API side.
I keep getting lost and confused in all of the documentation. I did come across this doc, which I think outlines the flow I want.
How do I do this?
My questions:
- Do I need to represent the SPA with an Auth0 application?
- Do I need to represent the API with an Auth0 API or an Auth0 application?
- Is my current implementation okay anyway?
- What is the recommended setup and flow for a custom SPA and API like this?
- Can you recommend specific documentation for this?
Thanks,
Alex