VueJS application with Auth0 authentication

Question

I'm a newbie at Auth0 and faced with the following situation:

We are building a new reporting application using VueJS (vue-cli Webpack boilerplate). The application requires Auth0 authentication but with a custom login page. I was able to get through the basic Login tutorial part of Auth0 Quickstart. However past that, I'm finding the tutorials fragmented, outdated, and confusing.

The security requirements for my project are as follows:

• Authenticate all routes in the application except /login and /signup
• Both Login and Signup forms should match the look/feel of the rest of the site
• On Logout/Session expiration the user should be redirected to the Login page
• Any application APIs also need to authenticate against Auth0 (the security token?)

I can't for the life of me figure out if I should use Auth0 API, the Lock widget, or both? I've read through the various Auth0 guides and I think the Lock widget would work but I'm not sure.

Any overall guidance on using Auth0/Lock widget with a vue-cli Webpack boilerplate based VueJS application, would be greatly appreciated.

Thank you.

Answer 1

After an extended discussion with the engineers at Auth0 the conclusion was that in the following use case, a server-side implementation of an authentication service is required. The use case for our application was the following:

• Use 2-factor authentication
• Seamless UX without any redirects to Auth0 (rules out Lock library, auth0.js library)

According to Auth0 engineers, we need to:

• Implement an authentication service that has to pass the client id and client secret key to Auth0 (we're using Python to do this)
• The authentication service talks directly to Auth0 API endpoints
• UI talks to the authentication service instead of Auth0.