The right way to call Auth0 APIs in a web app?

Hey,

I am planning to write an app that structured from:

  • SPA - React app
  • BFF - Backend for frontend (there is a chance that I will have another BFF for a react native consumer)
  • Gateway - a single source of truth for my API’s
  • Couple of Micro-Services

I am going to use implicit flow.

My question is where is the right place to call to the auth0 API?

Hi @hirschtomer,

Welcome to Auth0!

Why not use auth code + PKCE?

Authenticate in your SPA (or native app), and request tokens for your APIs/backend.

Hey Dan,

Thanks for replying after I read the documentation: https://auth0.com/docs/authorization/which-oauth-2-0-flow-should-i-use

I think that I will go with your recommendations.

Thanks!

Regards,
Tomer.

1 Like

Let us know if you have any questions!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.