Server Side Rendered App with Auth Flow


I am building a Server Side rendered Vue application with Auth Flow on the server side (express). The implicit flow is not currently supported in okta-vue as it will not server side render (it attempts to access the window object) which means the SPA cannot handle it’s own auth.

I am looking for advice around securing the SPA routes with the existing auth that has been setup on the express application. I was considering binding a function to the router that checked for validation against a route on the server side and using the isAuth() functionality provided by @okta/oidc-middleware.

Is this a valid approach or will it leave vulnerabilities?

Thanks in advance!