but one requirement is the database needs to accessible on the internet. That of course is a security concern.
One way we’re thinking it work around this is use Auth0 for authentication and upon successful login and redirect to our web app, we can then use the email address to get the user from our users table and set the session to the user as normal in a native authentication flow.
Is this a reasonable approach? Any downsides or gotchas to it?
All you need to do is collecting user information which will be provided by Auth0 Library. The step by step is following detail:
End-user authenticate in Auth0 side, it will be more friendly if you configure the custom domain
Collect user information with Auth0 Library, it depends on the technology used, you can find the documentation under navigation: Application > Application > Quick Start
User information will be include the user_email, extend from it and make the query to get user profile by your internal connection