I wonder how one could manage Auth0 authentication (lifecycle) with Micro Frontends. I am building a React SPA which has a container that contains other micro-frontends and am considering the PKCE flow. What do you think would be the most effective approach to share the authentication? I think that one approach is to inject the token to micro-frontends by the container (that handles authentication) during initialization and another approach is to share the token via cookies.
1
Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. – Community Dec 23 '21 at 20:25
1 Answer
0
When you display a microsite in an iframe or HTML5 web component (or native app web view) IMO the best way would be to add an Authorization HTTP request header with the JWT access token? e.g.
Authorization: bearer [JWT]
Adding HTTP headers to an iframe is discussed here. Looks like it's possible, but there also might be some limitations... If you do run into problems you could always add the JWT as a querystring param and convert this to an HTTP header in an API gw that sits in front of your back-end API... Note: if you do the querystring approach you should ensure there's no PII in your access tokens (which there probably shouldn't be regardless) as this would not be encrypted in transit.

Ryan.Bartsch
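The query-string fallback described in the answer above, sketched as a gateway-side helper. This is an added example, not code from the original answer; the `access_token` parameter name, the `promoteQueryToken` function and the lower-cased header map are assumptions.

```javascript
// Added example (hypothetical helper): runs in the API gateway in front of the
// back-end API. Assumption: the token arrives in a query parameter named
// "access_token" and request header names are already lower-cased.
const TOKEN_PARAM = "access_token";
// A compact JWT is three base64url segments separated by dots. This is a shape
// check only; the back-end API must still verify signature, issuer and expiry.
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;

function promoteQueryToken(req) {
  // Parse against a dummy base so relative request targets work.
  const url = new URL(req.url, "http://gateway.invalid");
  const tokens = url.searchParams.getAll(TOKEN_PARAM);
  const headers = { ...req.headers };

  // No query token: forward the request untouched.
  if (tokens.length === 0) {
    return { status: 200, url: req.url, headers };
  }

  // Strip the token in every case so it never reaches upstream URLs,
  // access logs or Referer headers generated further down the chain.
  url.searchParams.delete(TOKEN_PARAM);
  const cleanUrl = url.pathname + url.search;

  // Refuse ambiguous requests: a repeated parameter, or a query token sent
  // together with an Authorization header.
  if (tokens.length > 1 || headers.authorization) {
    return { status: 400, url: cleanUrl, headers, error: "multiple credentials" };
  }
  if (!JWT_SHAPE.test(tokens[0])) {
    return { status: 400, url: cleanUrl, headers, error: "malformed token" };
  }

  headers.authorization = `Bearer ${tokens[0]}`;
  return { status: 200, url: cleanUrl, headers };
}

// Constructed sample request; "aaa.bbb.ccc" is a placeholder, not a real token.
const sample = { url: "/widget?tab=2&access_token=aaa.bbb.ccc", headers: {} };
console.log(promoteQueryToken(sample));
```

The gateway's own access log should record the cleaned URL rather than the incoming one, otherwise the token is still written to disk at the edge.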