Introduction: Securing the Backend Using Auth0
An overview of securing the backend of the app using authentication and authorization.
We'll cover the following
Overview
In this chapter, we'll implement authentication and authorization in our “Q&A” app. We will use a popular service called Auth0, which implements OpenID Connect (OIDC), to help us to do this. We will start by understanding what OIDC is and why it is a good choice, before getting our app to interact with Auth0.
At the moment, our web API is accessible by unauthenticated users, which is a security vulnerability. We will resolve this vulnerability by protecting the necessary endpoints with simple authorization. This will mean that only authenticated users can access protected resources.
Authenticated users shouldn't have access to everything, though. We will learn how to ensure authenticated users only get access to what they are allowed to by using custom authorization policies.
We'll also learn how to get details about authenticated users so that we can include them when questions and answers are saved to the database.
We will end the section by enabling cross-origin requests in preparation for allowing our frontend to access the REST API.
Get hands-on with 1400+ tech skills courses.