Understand Auth0 (1) - API and APP
Auth0 is a platform for implementing authentication and authorisation. Through Auth0, you can easily sign up and log in users in your APP.
First touch on Auth0 - APP
Your first touch on Auth0 should only be the Applications feature on the dashboard. There are different types of application; the ones I commonly use are the "Machine to Machine" and "Single Page" types.
- Single page: use this application's credentials in your frontend app, e.g. Angular, React, etc.
- Machine to machine: use this to get a token from this tenant.
When to use Single page
When you need to authenticate users with your front-end APP, you can create this type of application and use its credentials. There's a quick start when you create it, so I won't cover how to use it here.
When to use Machine to machine
This is needed when you need to get your JWT token after login, e.g. calling the Auth0 endpoint directly, getting a token through hooks/rules, or using Swagger to authenticate.
Have you successfully created a simple APP with a Single page application in Auth0?
Congratulations!
We could go further.
Try API
Now you might want to link your frontend app with your backend API. Here are several tips:
- You can use the default API to authenticate the calls from the frontend.
- Create a Single page application to authenticate the frontend.
- You don't have to create a Machine to machine application unless you need to use a client ID to get a token, for instance when you need to use Swagger to authenticate.
- You need to add the audience and scope to your frontend. The backend uses the audience and domain (and possibly claims) to authenticate, so without these items the access token is not valid for the backend. You will find that the access token becomes longer after these 2 items are added.
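The audience and domain check from the last tip, as an added example that is not part of the original post: it reports why a backend would reject an access token on its claims alone, and it does not verify the signature, which the backend's JWT library must still do. The tenant domain, API identifier, scope name and all function names are constructed placeholders.

```javascript
// Claim-level pre-check for an Auth0 access token (added example).
// It does NOT verify the signature; the backend must still do that
// with a JWT library against the tenant's signing keys.

// Decode one base64url JWT segment into an object.
function decodeSegment(segment) {
  const obj = JSON.parse(atob(segment.replace(/-/g, '+').replace(/_/g, '/')));
  if (obj === null || typeof obj !== 'object') throw new Error('not an object');
  return obj;
}

// Return the reasons a backend configured with `domain` and `audience`
// would reject `token` on claims alone (empty list = claims look right).
function checkAccessToken(token, { domain, audience, requiredScopes = [] }) {
  const parts = token.split('.');
  if (parts.length !== 3) {
    return ['not a JWT: was an audience sent when requesting the token?'];
  }
  let claims;
  try {
    claims = decodeSegment(parts[1]);
  } catch (e) {
    return ['payload is not base64url-encoded JSON'];
  }
  const problems = [];
  // Auth0 issuers have the form https://<domain>/ (note the trailing slash).
  if (claims.iss !== `https://${domain}/`) problems.push('issuer mismatch');
  // aud may be a single string or an array of strings.
  if (![].concat(claims.aud || []).includes(audience)) problems.push('audience mismatch');
  // scope is a space-delimited string of granted permissions.
  const granted = String(claims.scope || '').split(' ').filter(Boolean);
  for (const s of requiredScopes) {
    if (!granted.includes(s)) problems.push(`missing scope: ${s}`);
  }
  if (typeof claims.exp !== 'number' || claims.exp * 1000 <= Date.now()) {
    problems.push('expired or missing exp');
  }
  return problems;
}

// Constructed sample data: placeholder tenant, API identifier and signature.
const seg = (o) => btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const makeToken = (claims) => `${seg({ alg: 'RS256', typ: 'JWT' })}.${seg(claims)}.sig`;
const cfg = { domain: 'tenant.example.test', audience: 'https://api.example.test', requiredScopes: ['read:items'] };
const good = makeToken({ iss: `https://${cfg.domain}/`, aud: [cfg.audience],
  scope: 'openid read:items', exp: Math.floor(Date.now() / 1000) + 3600 });
const noAudience = 'constructedOpaqueTokenValue'; // no dots, so not a JWT
console.log(checkAccessToken(good, cfg), checkAccessToken(noAudience, cfg));
```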
SDKs for Frontend
I found there are 3 SDKs for my Angular application: auth0/auth0-angular, auth0/auth0-spa-js and auth0-js. I was very confused. So here is some explanation:
- React and Angular each have their own library, so in an Angular app you can use auth0/auth0-angular.
- auth0/auth0-spa-js is for single page applications; it can be used in apps written in JavaScript, Vue, Angular and React.
- auth0-js is the old one and can integrate with more platforms, e.g. Ionic.
So when you choose an SDK, the one specific to your library, e.g. auth0/auth0-angular, is simpler and less work to integrate with.