Using Auth0 with MERN stack

I am trying to implement Auth0 authentication with MERN stack.

However, it is confusing because React only seems to be communicating with the Auth0 server when authenticating as shown in the tutorial here.

So is the nodeJS server then assuming that any token sent from the client is legit? the server doesn't do any authentication of the token sent from the client? Isn't this quite risky as tokens are stored in LocalStorage on the front end?

1 Answer

You are correct in saying that at this point your resource server is not protected. The tutorial you are referring to only authenticated the user via the auth0 authentication API. However, you still need to protect the resource server.

A basic standard flow would be: user requests protected resource from the front end -> front end sends access token from local storage to Node server -> Node server accepts access token -> Node server decodes access token, does multiple validity checks (expiry, audience, etc) -> Node server return protected resource if access token passes checks.

So you just need to set up your Node server to accept and check JWTs.

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like