Auth0 Integration Skill

This skill provides standard patterns for integrating Auth0 into a polyglot stack. It focuses on secure OIDC flows, JWT verification in Go, and efficient React state management.

Architectural Standards

1. Go Backend Integration (JWT Validation)

• Verification: Use auth0/go-jwt-middleware and form3tech-oss/jwt-go.
• JWKS Cache: Implement a caching mechanism for public keys from the .well-known/jwks.json endpoint to reduce latency.
• Claims Mapping: Map Auth0's https://yourdomain.com/roles custom claims to internal Go RBAC structures. Validate the aud (Audience) and iss (Issuer) claims strictly.

2. React Frontend Integration

• SDK: Use @auth0/auth0-react. Wrap the application root in Auth0Provider.
• Silent Refresh: Implement getAccessTokenSilently with useAuth0. Use ignoreCache: true only when a fresh token is absolutely required for mutation.
• Multi-tenant: Handle organization parameters in the login flow if using Auth0 Organizations.

3. TanStack Query Integration

const { getAccessTokenSilently, isAuthenticated } = useAuth0();