In this, I'm going to explain and demonstrate how to configure your react app and adding authentication with auth0 account to your react application.
After the new trend of Single page applications, it became more and more popular and used by many domains. Before that authentication for the traditional web apps for a round-trip to the server was working great. Then how do we do authentication in single page applications?
Well, there are various OAuth authentication methods, I'll explain how to use Auth0 server for our react application.
These configuration and sample are divided into two parts. Here is the first one.
As we all know IdentityServer is built with the concept of the central identity provider and it is supporting single sign-on by default as part of its main feature, but the single sign out is not coming as a part of inbuilt feature till IdentityServer3. Now they have added support for front-channel and back-channel specification for server-side clients in IdentityServer4. Here, I am going to explain how single sign out works using back-channel configurations.
Web security is the first step towards creating any user applications now a days. It is not just enough to secure application with simple password authentication and use simple cookie/session for further user state management, rather than we need to use some strong authentication mechanism using different authentication protocols like OAuth 2.0, OpenId Connect, SAML2, WS-Federation etc.
Here I am going to demonstrate IdentityServer4, which is open source authentication provider built on the top of OpenId Connect and OAuth 2.0.
Sometimes we don't want to manage users inside the application, but want to ship it to the cloud and use safer, easier and proven user management system then Azure B2C is the best choice. To fulfil this kind of requirement we need to create, read and update user accounts inside the Azure directory. Azure AD Graph API provides us feature to handle this tasks programmatically efficiently.
It was an interesting topic and a challenge for us, as we have never done this kind of things previously. How can we access our local active directory user on the internet, that was my first question when I read the requirement from one of my client.