Auth0 and Angular Pages

I’ve read the tutorial for Auth0 and it looks very interesting.

I understand that it assumes a web app all served through Workers, indeed mentions an example about how to deploy a react app with Workers.

I have an Angular app but - more importantly - I have used Pages and not Workers for the static frontend part. The frontend is then calling the API backend that is implemented via Workers.

Now, what should I do to integrate Auth0 in my case? I’m afraid that either I switch from Pages to Workers or I should manage the login and logout from Angular. I’ve found the Auth0 tutorial for Angular and it seems clear as far as a pure frontend SPA is concerned: but how to call my Cloudflare Workers API now from Angular?
Should I just follow the Auth0 backend API tutorial in the node.js express flavor? Well, nope… I guess I should combine it with the above said Auth0 Cloudflare specific tutorial but again it’s not immediately clear how to adapt/change it from the full frontend+backend Workers use case to the backend only Workers case (plus frontend in Pages).

Any suggestions would be much appreciated.

I believe that the most relevant paragraphs - for the backend part that remains valid in my scendario - are

  1. Persisting authorization data in Workers KV

  2. Verifying the token and retrieving user inf

Especially for the second part I think - since using the express auth libs is not possible in Cloudflare workers - I still have to implement the authorization part to verify the scope from the received token with my own code (unless someone point me to an already shared sample doing this for Cloudflare): hopefully it should be as easy as parsing the scope part of the json: my idea is that the scope should be present in the userinfo retrieved in the verification from github sample so one should be able to check it together with the access token.
On the frontend side I must implement the API call from Angular: I’m reading this Dan Arias blog post paragraph about it at the moment… the part where they say

Your Angular application needs to pass an access token when it calls a target API to access protected resources

and explain how to do that with an AuthHttpInterceptor (find it also in his github repo).

Ok a couple of things for the API Workers backend.
A specific Authorization must be added for CORS as I’ve found here.
Second, fundamental thing is that the authorization bearer must be retrieved from the headers of the request and decoded calling the auth0 userinfo endpoint

const bearer = request.headers.get('authorization')
const headers = {
  authorization: bearer
const server = "https://YOUR_DOMAIN/userinfo"
const auth0resp = await fetch(server, { method: 'GET', headers: headers})
const decodedToken = await auth0resp.text();

Then you have all: sub, nickname, email… to proceed (ping back to my topic in auth0 community )