Vuejs auth_config from server

Hello,

I was following the tutorial Vue: Login. this tutorial makes use of a file auth_config which includes the variables during the build phase. The goal of my app is to build one SPA that can be deployed on multiple servers which each uses their own Application / user database in Auth0. So i just want one build that is able to load the data below from the PHP server and so does not include it in the build.
{
“domain”: “mydomain.auth0.com”,
“clientId”: “myid”
}
One way of doing this would be something silly like

<script> var domain = '<?php echo $domain_name; ?>'; var clientId = '<?php echo $client_id; ?>';</script>

But i find this a bit risky since anyone can just read these variables. Oke you can also read them in the build vuejs files but still …

Does anyone have a solution or some tips regarding this.

Thanks in advance.
Bart

Hi @bart.mommens84,

Anyone that visits your application, logged in or not, will be able to see these variables (domain and clientID) and this is expected. They are required to make an authorize request. Client secret is a different story, but that is exactly why we have SPA flows, because they are fully inspectable and should not contain variables that are private.

Hope this helps!

Thanks,
Dan

1 Like

Hi Dan,

Thank you for your reply, this gives me a bit of comfort since i wasn’t 100% sure what the implications are of making those two variables easily readable by visitors (that inspect the code). The secret is indeed something that must not be shared at all.

Also thanks for providing me with the documentation, i didn’t get that far yet so this saves me some time looking it up.

Great support is most valuable resource a service provider can have.

Thank you for your time and have a nice day.

@bart.mommens84,

Let us know if there is anything else we can do!

Best,
Dan