I got a problem with understanding some basic thing about auth0, probably someone can help me out.
In the tutorial [SPA + API one of the first lines in the TDLR is this:
Both the SPA and the API must be configured in the Auth0 Dashboard
I dont understand why I need to configure the API on Auth0. My code seems to work so can anyone help me understand if I do something wrong or what the advantages are if I actually add my API in my dashboard.
- SPA (React)
- REST API
What I do
On the Auth0 dashboard I added a SPA application and configured it.
I login on my SPA through Auth0 and get a JWT (google token).
After that I send the JWT as authentication bearer in my calls to the REST API. This works.
On the backend REST API I verify the JWT token with a JWK provider using the Auth0 url
mydomain.eu.auth0.com/.well-known/jwks.json. This seems to work too.
In my Auth0 dashboard I never added a custom API and I dont know why this would be important. Can somebody help me understand this?