The right way to call Auth0 APIs in a web app?


I am planning to write an app that structured from:

  • SPA - React app
  • BFF - Backend for frontend (there is a chance that I will have another BFF for a react native consumer)
  • Gateway - a single source of truth for my API’s
  • Couple of Micro-Services

I am going to use implicit flow.

My question is where is the right place to call to the auth0 API?

Hi @hirschtomer,

Welcome to Auth0!

Why not use auth code + PKCE?

Authenticate in your SPA (or native app), and request tokens for your APIs/backend.

Hey Dan,

Thanks for replying after I read the documentation:

I think that I will go with your recommendations.



1 Like

Let us know if you have any questions!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.