Auth0 storing a local copy of user information

I am using Auth0 for my application. I want to keep a local copy of the user information. More specifically, I just want to grab the email so I have an easy way to contact users in the future if need be.

I’m a little bit confused with the flow of things. So the user goes through the whole OAuth song-and-dance using Auth0 and they’re given an opaque access token. I’m then sending up that access token to my server (POST /users, bearer access-token). I’m then calling the User Profile GET API with that access token. I then subsequently store that information.

The flow of that seemed somewhat logical to me, until I think about subsequent calls to one of my APIs. Let’s say I have another endpoint POST /users/{userId}/notes, how would I go about validating that the call is from the given user?


For requests to your /users/{userid}/notes endpoint you could do the same process and call the /userinfo endpoint to verify the user making the request is the correct user.

You could also look at adding non-personal information of some kind to the access token as a custom claim, like an email address for example, to identify the user. You could potentially remove the need to call /userinfo in this case.

We have information on custom claims here: Create Namespaced Custom Claims

Hope this helps!

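One way to implement the second suggestion in the reply, as an added example that is not code from this thread or from Auth0: the API verifies the bearer token itself, pins the algorithm, checks issuer, audience and expiry, then compares the token's sub with the userId in the path before reading the contact email from a namespaced custom claim. The issuer, audience, secret and claim name are constructed; a real Auth0 API validates RS256 tokens against the tenant's JWKS rather than an HS256 shared secret, which is used here only so the example runs offline.

```python
import base64, hashlib, hmac, json, time

# Constructed values. A real Auth0 API validates RS256 tokens against the tenant JWKS; HS256 here only keeps the example offline.
ISSUER = "https://example-tenant.auth0.com/"
AUDIENCE = "https://api.example.com/"
SECRET = b"constructed-shared-secret"
EMAIL_CLAIM = "https://example.com/email"  # namespaced custom claim (assumed name)

def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def verify_access_token(token, now=None):
    """Return the claims if signature, issuer, audience and expiry check out, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:  # malformed token (binascii.Error and JSONDecodeError are ValueErrors)
        return None
    if header.get("alg") != "HS256":  # pin the algorithm; never let the token choose it
        return None
    signed = f"{header_b64}.{payload_b64}".encode()
    if not hmac.compare_digest(hmac.new(SECRET, signed, hashlib.sha256).digest(), signature):
        return None
    claims = json.loads(_b64url_decode(payload_b64))  # only parsed once the signature holds
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else (aud or [])
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER or AUDIENCE not in aud or claims.get("exp", 0) <= now:
        return None
    return claims

def authorize_notes_request(path_user_id, token, now=None):
    """Gate POST /users/{userId}/notes: the bearer may only act on its own user id."""
    claims = verify_access_token(token, now)
    if claims is None:
        return 401, None  # invalid, tampered or expired token
    if claims.get("sub") != path_user_id:
        return 403, None  # valid token, but it belongs to a different user
    return 200, claims.get(EMAIL_CLAIM)  # contact email read from the custom claim

def mint_token(claims):
    """Constructed signer so the example runs offline; Auth0 issues the real tokens."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"
```

The 403 branch is the answer to the question in the thread: a valid token that was issued to a different subject must not be allowed to write notes under someone else's userId.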