
I applaud this and wish you luck. I'm a big cheerleader of Auth0 and have used them in the enterprise setting and in side projects. They do a lot of things right and have such promise for becoming the "why would you choose anything else" solution. They have all the mindshare of JWTs by owning jwt.io. But I must say that the documentation is truly awful, and I think that leaves them vulnerable for a competitor.

The core API docs are good, like the Management API Tester page. But the walkthroughs and general documents are full of broken links, inconsistent use of language, and varying levels of precision in how things are explained. You end up Googling for answers, finding community responses, and having to piece things together.

The way things are called APIs versus Applications is confusing no matter how you put it. Then they are sort of ambivalent in places. For example, look at the SPA guides. Sure, it'll walk you through the Implicit Flow for SPAs, but elsewhere they second-guess themselves and say you shouldn't use Implicit Flow for SPAs. Instead, they say create a "Normal Web App". But good luck finding that specific article again just because you came across it once!

If anyone in Product or Biz Dev at Auth0 is reading this, I would urge you to make a case for "even easier mode" that abstracts a bit more and comes with better documentation. I found myself doing so much token management and head scratching about ID versus access tokens that I felt like I needed to be a technical expert on the standards just to follow the directions and feel like my app is secure.

Auth0 has potential to actually solve identity in an easy way, but they are not meeting that promise right now, and that is your opportunity.



Thanks for this comment!

We had the same exact experience. Couldn't have explained the state of the docs any better!



