Authorization server, Oauth2 and auth0

Question

I have some questions because I don't understand well how implement authentication flow.
Reading some docs I found image below

Now, I understand the access token and refresh token, but I don't think I understand how to implement it.

I have a project where frontend is angular and backend is node.js koa with microservices architecture and gateways in front of them. I can use auth0 like oauth2 authorization server with users stored inside?

How? In auth0 docs there are tons of instructions and I cannot understand which is right for me.

I have to intercept login, logout and sign up by gateway and redirect to auth0 or I have to do this inside my user microservice?

Does a user table make sense in my project(s) where there are also personal info table and company table?

Is in this way the authorization server sso for all my company projects?

Can I add external company's SSO?

Can I add Google sign in?

Answer 1

You can follow Auth0 Angular Quickstarts to implement your scenario. It exactly shows step by step implementation. https://auth0.com/docs/quickstart/spa/angular2/01-login

From architecture level, you are doing following:

1. Frontend application (angular) uses auth0-spa-js to implement Authorization Code flow + PKCE to implement login flow. It simply performs user authentication and obtain a token which request API scope as well. To request API permission, add the audience parameter when initiating the login flow.
2. Once you obtain the token, access token can be used to call your backend API.
3. In the backend server , you should implement API authorization (It validates the access token and check token have necessary scopes/ permission). https://auth0.com/docs/quickstart/backend/nodejs/01-authorization

Above API authoriazatio quickstart uses express middleware. This blog post explains how to do the same in koa . https://auth0.com/blog/building-and-securing-a-koa-and-angular2-app-with-jwt/