I’m working on an RSS reader and want to use Auth0 for my user management. I want to make sure that logged in users are only able to see their own data. I think I know how to implement this (check the “sub” field on the access token and look for it in my resource server database).
How would I handle user signup this way? Would I have to write a script that pings Auth0’s managment API to grab the auth0 userID and write it to my resource server database everytime a user signs up? What’s the right way to do this?
a1Learner,
The beauty of JWT tokens and Auth0 is the ability to amend user_data and app_data to Auth0 users. Or, custom properties that are attached to the Auth0 users.
Just one of many ways is that you can store the GUID of the resource/user in the Auth0 user as app_data. When you get the JWT token you can look at the app_data and know what it relates to on your resource server.
When you get the token you only need to verify the token. If you stored your GUID as app_
data when you created the user you will get it back in the profile each time they login.
Thanks michael,
Would you be willing to point me towards the part of the documentation that explains how to edit app_metadata and user_metadata programmatically? I’m having trouble finding it. I’m using React for my front end and python for my backend if that is relevant
You can use a Post User Registration Hook to do the necessary operation on your database. The Hook will have the user_id attribute, hence wouldn’t require you to make a call to the Management API. Read the Hooks documentation for more info: