Demonstrate the OAuth 2.0 implicit flow with Auth0, React client, and Express API server.
This example follows the Auth0 React quickstart tutorial, follow along for step-by-step instructions.
The key idea is that the client (React) acquires a JSON Web Token ("JWT") from a central authentication service (Auth0). The token proves that the user is logged in, and serves as the user's ID (think of an encrypted driver's license).
The JWT can then be used as proof of authentication everywhere (in this case, to React and to Express). This example contains the following flows:
JWTs need to be encrypted, so they can't be forged or tampered with. This is done using public-key (also known as asymmetric) cryptography. Read this article for a high level explanation.
JSON Web Key ("JWK") is the mechanism through which public keys are distributed. Read this article for more info.