SPA login, then send data to my own API

vicatcu · March 8, 2022, 3:44am

I followed the Angular quick start: Auth0 Angular SDK Quickstarts: Login and I got all the way through it to the point where I can dump the logged in user$ to the page and have a look at what I get. It looks like I get this sub field in the result which I can use to uniquely identify the logged in user.

Is it legit to then pass the value of that sub field along to my API routes (e.g. in the payload object of a POST) on my own server to reliably and securely associate the API access with the logged in user? If not is there an article I can read to help me bridge that gap?

tyf · March 9, 2022, 6:45pm

Hey there @vicatcu, welcome to the community!

While the sub field does indicate a unique user, it’s a small piece of the overall flow . I definitely recommend taking a look at the following architectural overview which outlines the suggested approach to Authentication/Authorization between a SPA app and API as defined by OAuth/OIDC:

Another article that may be of use:

Hope this helps to get you started in the right direction!

Topic		Replies	Views
SPAs and API calls -- how do i determine my user Help	4	3036	May 14, 2021
Confused on how to implement this architecure Help auth0 , angularjs	4	3572	October 16, 2019
SPA app that queries my own server, rather than auth0 directly? Help spa	2	4231	March 2, 2018
Angular SPA with ASP.NET API and SSO Help angular-2 , sso , spa , aspnet-core , aspnet	7	7913	March 2, 2018
Get User Data Server Side - what is a good approach? Help spa , data , get-user-info-using- , server-api	3	7977	July 25, 2019

SPA login, then send data to my own API

Related Topics