The system I’m working on has 3 parts to it and I’m not exactly sure how to set up the Auth0 Applications and APIs:
- Single Page App (NuxtJS/Vue w/ SSR)
- GraphQL API that the SPA communicates with (Node/Apollo Server Express)
- gRPC API that receives the requests from the GraphQL API (MaliJS)
Auth0 setup so far:
My SPA (Single Page Application)
My gRPC API
This application will receive all of the requests on behalf of a user. This will also be sending all requests to the gRPC services on behalf of a user. There will also probably be M2M communication here at some point so we’re planning on it (Processing data feeds and adding information to the system).
The gRPC app will never receive a direct request from a user. The gRPC will receive requests on behalf of users, as well as automated processes where there is no user (M2M).
- How should I set up the “GraphQL API” application? Generic? Regular Web App?
- How should I set up the gRPC application? Since this only gets requests from other apps, some on behalf of a user, some from other scheduled services, would this be an M2M? Or Generic/Regular Web App?
My background was always implementing a standard user/password setup that was built in-house, so using a 3rd party and JWTs is new to me. I tried to implement middleware in the gRPC API that would allow me to verify/decode the token but I was unable to do it successfully. I could not find any examples of handling the tokens without using middleware for frameworks like express, koa, etc…
I also looked into passport-auth0 but it requires express and express-sessions, which do not exist in the gRPC application.
Any help would be greatly appreciated!