Hi. I’m building a React SPA with a .NET Core API/backend. The application will be used by many (smaller) companies. Each company will have one or more admin users. The admin users will have the ability to create new users. New users will receive an email invite to set their own passwords.
I’m really at the start with trying to use Auth0. While I’ve sucessfully created the ability to sign-up and authenticate users through the SPA quick starts (and other materials), this doesn’t address the ability of an admin to create additional users. I’ve read through many pages on the Management API, and I understand I would need to use that to create users.
So, with that background. Here’s my question: once you get to the point of having to use the management API to create/manage users, which for all intents and purposes, has to be done from the backend, does it make sense to still handle authentication through the front-end? Or should I exclude the SPA entirely in this process and handle everything on the server side?
Thanks much for any guidance here.