Hello, I'm new to FusionAuth, and to auth as a service in general. I have a question regarding my app's user registration workflow.
My plan is to have a mobile app which needs to communicate with a backend API to retrieve data. I want that backend API to not have any /auth endpoint; instead it expects to receive a JWT signed by a trusted server, FusionAuth. Also, I don't want to use the FusionAuth UI for logging in or signing up users, so I was planning to use the FusionAuth API.
I think I get the login workflow with the /api/login endpoint; what I don't fully understand is how I should register a new user from my mobile app. I will use email/password registration, at least at the beginning.
From what I understand, I should generate an API key authorized to make requests to /api/user/register and register my users from there when they fill in the form in my mobile app, but that endpoint receives extra fields like, for example, "roles", so if somebody extracts the API key from my app and calls the register endpoint, wouldn't they be able to register as, for example, an admin?
That led me to think that I should send my auth request to my backend server, which then forwards the request to FusionAuth in a secure way, but then again, I was expecting my backend not to perform any action related to authentication at all. I can change my expectations of course, but I want to know if my reasoning is correct, or how the registration workflow is supposed to work.
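The backend-forwarding design described in the post, written out as an added example (this is not code from the poster or from FusionAuth). The mobile app posts only an email and password to the backend; the backend holds the FusionAuth API key, ignores any client-supplied "roles", "applicationId" or other fields, and builds the /api/user/register body with a fixed, server-chosen role. The request shape (`user`/`registration` objects, `Authorization` header carrying the API key), the `/register` route name, the environment variable names, the `SELF_SIGNUP_ROLES` value and the placeholder application id are assumptions for the example; check the body fields against the FusionAuth User API documentation for your version before relying on them.

```python
"""Backend-side registration proxy for a mobile app.

The API key never ships in the app: the device posts email/password to this
service, and only this service talks to FusionAuth's /api/user/register.
Roles are decided here, so a client that sends {"roles": ["admin"]} gets
exactly the same result as one that sends nothing.
"""
import json
import os
import re
import urllib.request

# Assumed configuration; in production these come from the server environment.
FUSIONAUTH_URL = os.environ.get("FUSIONAUTH_URL", "http://localhost:9011")
FUSIONAUTH_API_KEY = os.environ.get("FUSIONAUTH_API_KEY", "")  # server-side secret
# Placeholder application id (assumption for the example).
APPLICATION_ID = os.environ.get("FUSIONAUTH_APP_ID",
                                "00000000-0000-0000-0000-000000000001")
# The only role a self-registered account can ever receive (assumption).
SELF_SIGNUP_ROLES = ("user",)

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
MIN_PASSWORD_LEN = 12


class RegistrationError(ValueError):
    """Raised for any client input the proxy refuses to forward."""


def build_register_request(client_payload):
    """Turn an untrusted client body into the outbound FusionAuth request body.

    Only "email" and "password" are read from the client. Everything else the
    client may have sent (roles, applicationId, data, ...) is dropped, and the
    registration block is constructed from server-side constants.
    """
    email = str(client_payload.get("email", "")).strip().lower()
    password = client_payload.get("password", "")
    if not EMAIL_RE.match(email):
        raise RegistrationError("invalid email address")
    if not isinstance(password, str) or len(password) < MIN_PASSWORD_LEN:
        raise RegistrationError("password must be at least %d characters"
                                % MIN_PASSWORD_LEN)
    return {
        "user": {"email": email, "password": password},
        "registration": {
            "applicationId": APPLICATION_ID,
            "roles": list(SELF_SIGNUP_ROLES),  # never taken from the client
        },
    }


def register_with_fusionauth(body):
    """POST the prepared body to FusionAuth using the server-held API key.

    Assumed endpoint and header usage; not exercised by the offline test.
    """
    req = urllib.request.Request(
        FUSIONAUTH_URL + "/api/user/register",
        data=json.dumps(body).encode("utf-8"),
        headers={"Authorization": FUSIONAUTH_API_KEY,
                 "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def handle_register(raw_body, sender=None):
    """Handler a web framework would route POST /register to.

    Returns (http_status, response_dict). `sender` defaults to the real
    FusionAuth call; tests inject a stub so nothing leaves the process.
    """
    sender = sender or register_with_fusionauth
    try:
        payload = json.loads(raw_body or b"{}")
        if not isinstance(payload, dict):
            raise RegistrationError("request body must be a JSON object")
        outbound = build_register_request(payload)
    except (json.JSONDecodeError, RegistrationError) as exc:
        return 400, {"error": str(exc)}
    result = sender(outbound)
    # Return only what the app needs; do not echo the FusionAuth response,
    # which can carry tokens and internal fields the client should not see.
    return 201, {"userId": result.get("user", {}).get("id")}


if __name__ == "__main__":
    # Constructed input: a client trying to grant itself "admin".
    sample = b'{"email": "Alice@Example.com", "password": "correct horse battery", "roles": ["admin"]}'
    status, resp = handle_register(sample, sender=lambda body: {"user": {"id": "demo"}})
    print(status, resp)
```

The same pattern applies to /api/login: the app posts credentials to the backend, the backend calls FusionAuth with its key and returns the JWT, so the API key stays on the server in both flows.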