Closed arrested-developer closed 5 years ago
Even better, it appears to offer role-based user authorization
From https://auth0.com/docs/architecture-scenarios/spa-api
Auth0 provides API Authentication and Authorization as a means to secure access to API endpoints (see API Authentication and Authorization)
For authorizing a user of a SPA, Auth0 supports the Implicit Grant (see Implicit Grant) Both the SPA and the API must be configured in the Auth0 Dashboard (see Auth0 Configuration)
User Permissions can be enforced using the Authorization Extension (see Configure the Authorization Extension)
The API will be secured by ensuring that a valid Access Token is passed in the HTTP Authorization header when calls are made to the API (see Implement the API)
The Auth0.js library can be used to authorize the user of the SPA and obtain a valid Access Token which can be used to call the API (see Authorize the User)
The SPA can pass the Access Token in the HTTP Authorization header when making calls to the API (see Call the API)
The SPA can display UI elements conditionally based on scopes granted to user (see Display UI Elements Conditionally Based on Scope)
Joe has suggested we use Auth0.com which offers 3rd party authentication and 7000 users on the free tier