nice blog! I wonder how one could manage Auth0 token lifecycle with micro-frontends. I am building a React SPA which has a container that contain other micro-frontends and am considering the PKCE flow. What do you think would be the most effective approach to share the authentication? I think that one approach is to inject the token to micro-frontends by the container (that handles authentication) during initialization and another approach is to share the token via the cookie.
It sounds like you're achieving micro frontends by joining together multiple React components/apps either at runtime or at compile time. In that case you should be able to have your authentication done at a higher level than these app then either inject it as you say, or provide it through a context provider. I would consider abstracting it away entirely and providing your components with an authenticated fetch api where the abstraction handles attaching authentication to requests and handling token lifecycles. That api could then be injected or provided. A caveat on that is that I haven't thought deeply on potential edge cases.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
nice blog! I wonder how one could manage Auth0 token lifecycle with micro-frontends. I am building a React SPA which has a container that contain other micro-frontends and am considering the PKCE flow. What do you think would be the most effective approach to share the authentication? I think that one approach is to inject the token to micro-frontends by the container (that handles authentication) during initialization and another approach is to share the token via the cookie.
It sounds like you're achieving micro frontends by joining together multiple React components/apps either at runtime or at compile time. In that case you should be able to have your authentication done at a higher level than these app then either inject it as you say, or provide it through a context provider. I would consider abstracting it away entirely and providing your components with an authenticated fetch api where the abstraction handles attaching authentication to requests and handling token lifecycles. That api could then be injected or provided. A caveat on that is that I haven't thought deeply on potential edge cases.