It seems like this topic keeps coming up, but there’s still no clear explanation with relevant examples. So, I’ll try asking again:
Scenario
We’ve built an app with our own custom login and registration pages. Our goal is to use Auth0 functionality exclusively through its APIs, without redirections or popups.
Questions
Is this possible with Auth0?
If yes, where can we find a clear explanation and diagrams detailing how this flow should work?
For example:
If a user logs in through our custom UI and doesn’t yet have a token, how should this login process be handled?
All documentation mentions that calling the Management API or Authentication API requires passing a token. How can we proceed when no tokens are available initially?
Any guidance or examples would be much appreciated!
On the SPA → Own Register page → User populates the form with email, name, password and there is a call to our own server.
Our own server calls /api/v2/users with the relevant input and the user is created.
A success message is returned to the SPA and the user is navigated to our own login page.
Now we want to implement Login after successful user creation: the SPA calls our own server with user/password, and our own server will call Auth0 to perform the login.
Question: What API do we need to call to perform Login for this User/Password and return to the SPA the relevant token, which we get when we do a Redirected Login?
Hello @vova! Welcome to the community, thank you for the update to the post.
To answer the first part of the question: yes, it is possible using Embedded Login; this is not recommended as it has security risks. The steps to implement it are in the docs.
One clarification is the Authentication API doesn’t require tokens to use like the Management API does.
To login using the API, use this endpoint. Signing a user up will also automatically log them in.
We suggest using the New Universal Login with PKCE to ensure the most secure platform. You are able to customize that to keep a consistent branding for your application. This will avoid having to create users and log them in using the API. This will need a redirect during the login.
I hope this helps! Feel free to reply with more questions if you have some.
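The server-side login call the reply points to, as an added example that is not part of this thread and not Auth0's own code: the poster's "own server" exchanges the credentials posted by the SPA at the Authentication API /oauth/token endpoint using the Resource Owner Password Grant (the Embedded Login flow), so the client_secret stays on the server. The domain, client id, client secret and audience are placeholders, and fetchImpl is an injected fetch so the exchange can be exercised offline.

```javascript
// Added example (not from the thread): the "own server" side of the flow.
// The SPA sends username/password to this server; the server exchanges them at
// Auth0's Authentication API /oauth/token with grant_type=password and hands
// back only the tokens the SPA needs. All credentials below are placeholders.

const AUTH0_DOMAIN = "YOUR_TENANT.auth0.com";    // placeholder
const CLIENT_ID = "YOUR_CLIENT_ID";              // placeholder
const CLIENT_SECRET = "YOUR_CLIENT_SECRET";      // placeholder, server-side only
const AUDIENCE = "https://YOUR_API_IDENTIFIER";  // placeholder

// Form-encoded body for the Resource Owner Password Grant.
function buildPasswordGrantBody(username, password) {
  return new URLSearchParams({
    grant_type: "password",
    username,
    password,
    client_id: CLIENT_ID,
    client_secret: CLIENT_SECRET,
    audience: AUDIENCE,
    scope: "openid profile email",
  });
}

// Exchange credentials for tokens. On failure the SPA gets only a generic
// error code, never Auth0's error_description verbatim. A refresh_token, if
// the tenant issues one, is deliberately not forwarded to the browser.
async function loginWithPassword(username, password, fetchImpl = fetch) {
  const res = await fetchImpl(`https://${AUTH0_DOMAIN}/oauth/token`, {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: buildPasswordGrantBody(username, password).toString(),
  });
  const data = await res.json();
  if (!res.ok) {
    return { ok: false, error: "login_failed" };
  }
  return {
    ok: true,
    access_token: data.access_token,
    id_token: data.id_token,
    expires_in: data.expires_in,
  };
}

module.exports = { buildPasswordGrantBody, loginWithPassword };
```

The password grant must be enabled for the application in the Auth0 dashboard (and a default directory connection set on the tenant) before this call succeeds; a token obtained this way is not known to auth0-spa-js, so the SPA has to store and check it itself rather than rely on auth0Client.isAuthenticated().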
My question: is it possible now (after a successful call to the above API, with the received token) to validate a user on the FE side as if we had proceeded with the redirection process (the isAuthenticated status is synced)?
I mean, can we get the isAuthenticated status via auth0Client (React/JS)? const isAuthenticated = await auth0Client.isAuthenticated();
What is the “correct way” to check the isAuthenticated status for a “manually” signed-in user?