Let me preface this by saying I am a very new user of auth0, and likely have not not understood OAuth correctly.
I am trying to build a react SPA, which allows a user to log in via twitter, and then analyses the tweets from their timeline. I would like for this analysis to continue to happen in the background, while the user is not logged in.
I’m not sure what the correct way of structuring my API/auth is. I need to allow the SPA to authenticate on twitter, and access the backend. The backend then also needs to be able to retrieve that users’ twitter token, to access the twitter API.
- Can I allow the implicit grant flow of a SPA, and then somehow use the corresponding access token to retrieve the twitter token?
- Can I use the code grant on the backend, and somehow pass the appropriate token on to the SPA?
- Something else?
Are there any examples of code doing this?