Auth0 Custom Database

cvasquez0100 · February 26, 2019, 9:08pm

I have a small social media app build on vue.js, node.js (express), mysql. My users create an account with auth0 using an email. That email then gets added to my user’s table thanks to the auth0 custom database feature.

I know my users are already being authenticated. And I know if I wanna add more data to those users I can use foreign keys. But how do I obtain the user_id of the user that’s logged and add it to my API’s so it can display the user’s information?

markd · February 28, 2019, 4:28am

Hello @cvasquez0100,

When you receive an ID token, the Auth0 user_id attribute will be returned as the sub claim.

cvasquez0100 · February 28, 2019, 7:06pm

Thanks. I’m using vue.js mapgetters. I have the fields that I wanna display on my frontend that come from auth0. And it’s doing exactly that, but I have more information I wanna display from my own database. How can I match my frontend to my backend so it can display the correct information of the user that’s logged in from my database.

Maybe you have answer my question already but I just wanna make sure If what you suggested will help me.

markd · February 28, 2019, 7:22pm

Hi @cvasquez0100. This may be stretching my skills a bit (not an expert on SPAs & Vue) but to me it sounds like you want the following model, which should work fine:

on new user registration, use the Auth0 user.user_id attribute as a primary key in your DB,
on login, use a rule that queries your DB using user.user_id

I’d also consider creating your own unique identifier. user_id should work fine, but it is an Auth0 specific field. A possibly more portable option would be your own UUID. I have a rule below that adds a UUID to a user’s profile. It could probably be smarter but may be helpful if you want to go this route.

github.com

dmark/auth0-cli-utilities/blob/master/rules/add-uuid-to-app-metadata.js

function (user, context, callback) {
  // Generates a version 4 random UUID. Namespace UUIDs do not appear
  // to be an option in Auth0 at this time.
  const { v4: uuidv4 } = require('uuid');

  user.app_metadata = user.app_metadata || {};
  user.app_metadata.uuid = user.app_metadata.uuid || uuid();
  
  auth0.users.updateAppMetadata(user.user_id, user.app_metadata)
    .then(function(){
    callback(null, user, context);
  })
    .catch(function(err){
    callback(err);
  });
}

cvasquez0100 · February 28, 2019, 7:50pm

Thanks @markd I appreciate you replying back to my questions! So at the moment, I have something similar to your response.

When my user registers I retrieve data from auth0 to my own database creating a “users” table. I retrieve the user_id and email on my database. I use “user_id” as a foreign key with my other tables to add additional information to my user.

Now when the user logins I use my own database as an Identity provider, auth0 looks for the user in my “users” for authentication if true then the user will see the information that he/she provided when creating the account.

But the issue is, that the user is not displaying the additional information from my other tables.

markd · February 28, 2019, 8:29pm

I think there are a couple possibilities for you:

you app takes the user_id from the sub field and queries your DB itself, or
you add additional claims to your token using a rule that queries your DB.

If you are already following the second option (sounds like maybe you are) you will want to take any attributes retrieved from the DB and added them as custom claims. This will make the attributes available in the token.

cvasquez0100 · February 28, 2019, 8:51pm

You mention 1 earlier but now I understand what you mean, yes my app takes the user_id from the sub field (idTokenPayload) and queries to my DB.

I’m not doing 2, but that’s something that could work for my app. right now it checks for the user_id but it doesn’t retrieve any of the data on my database, it only retrieves the data on auth0 database that I used to sign up.

So I can add all of my additional data to my token by adding additional claims to my token using a rule that queries my db?

markd · February 28, 2019, 9:17pm

You can definitely do that, but I believe the best practice is minimize what you add to the token: restrict the token to authentication / authorization data, and query an API for everything else, though it depends as well on how much data you are adding to the token.

cvasquez0100 · February 28, 2019, 9:32pm

the extra data is about 5 tables with each table having an average of 4 rows. Do I query the API on auth0s side or on my backend? which that’s what I’m doing on my backend but it’s not retrieving the correct id.

markd · February 28, 2019, 11:49pm

Off the cuff that sounds like data that you would not want to include in the token. So your process will be:

User logs in
Rules run possibly adding custom claims to token
App grabs user_id from sub and uses that to query the DB

If that is what you are doing but it’s not working we’ll need to get more info. When you say it is not retrieving the correct id, is it retrieving the wrong one? Or none at all? Can you add some logging to show what is happening?

cvasquez0100 · March 1, 2019, 4:17am

I apologize if I didn’t say this before. But when my user logs in he sees a profile with his information being pulled from auth0 example("Welcome allstar@gmail.com) at the same time I have 5 different APIs running to provide additional information (CRUD) from my backend. Would it be possible to run those five different tables using auth0s custom claim to their token?

konrad.sopala · August 30, 2019, 9:26am

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?