Currently, I’m working on a little side project, which is a mobile application.
I want to use MongoDB and most probably NodeJS/ExpressJS for my REST API.
I’ve read some articles about how to secure my API with Auth0… that’s fine so far.
Now to my open questions:
- My API has the connection string with, of course, always the same user. Is this a common approach? Do I need to separately secure this connection between NodeJS and MongoDB? If yes, can I do this with Auth0?
- I want to use Auth0 for user logon and MongoDB to store the actual data. For that I want to use a UUID to save/query the corresponding user data into/from the database (my thoughts: when the DB gets hacked, no one is able to link the data to the user). Can I use the user_id attribute of Auth0 for this purpose? Does this make any sense, anyway?
Hopefully someone can answer my questions.
Thanks in advance!