I’ve been able to create and properly route a new React application in such a way that the protected parts are behind a login screen - so far so good. In terms of user registration however, the flow is a bit unclear to me.
According to the docs, I suspect that the best endpoint for letting users register is the one documented under Create User with Password. However, this API endpoint requires an API token - meaning at the very least you’d need middleware if not backend to hide this token from being utilized. It makes sense, you don’t want people to find your API+token and just spam it with registrations. After creating a test proxy using Express, I’m now getting redirects to /oauth2/authorization/okta which I’d like to avoid to keep users within the page.
My questions are then:
Is this the intended API flow for registering new users?
Is there any shortcomings of this approach?
What is the purpose of the redirect being sent? Can it be disabled?
Thanks