I am building a Server Side rendered Vue application with Auth Flow on the server side (express). The implicit flow is not currently supported in okta-vue as it will not server side render (it attempts to access the window object) which means the SPA cannot handle it’s own auth.
I am looking for advice around securing the SPA routes with the existing auth that has been setup on the express application. I was considering binding a function to the router that checked for validation against a route on the server side and using the isAuth() functionality provided by @okta/oidc-middleware.
Is this a valid approach or will it leave vulnerabilities?
Thanks in advance!