We’d like to use Auth0, but retain user management, i.e. continue using our own Users table in our Postgres database.
This article shows how to do that with a custom database: Connecting PostgreSQL to Auth0 Custom Database
but one requirement is that the database needs to be accessible on the internet. That of course is a security concern.
One way we’re thinking to work around this is to use Auth0 for authentication and, upon successful login and redirect to our web app, use the email address to get the user from our users table and set the session to the user as normal in a native authentication flow.
Is this a reasonable approach? Any downsides or gotchas to it?
It is possible.
All you need to do is collect the user information, which will be provided by the Auth0 library. The steps in detail are as follows:
- The end user authenticates on the Auth0 side; it will be more friendly if you configure the custom domain
- Collect user information with the Auth0 library; it depends on the technology used, and you can find the documentation under navigation: Application > Application > Quick Start
- User information will include the user_email; extend from it and make the query to get the user profile through your internal connection
Hope this helps.
Thanks @mj.phong. But I wasn’t asking about how to do it, I was asking if it’s a good idea. Are there any security risks with that method? Thanks.
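The lookup step discussed in this thread, as an added example that is not code from any poster or from Auth0: it maps ID-token claims to a row in the local users table, accepts the email only when the standard `email_verified` claim is true, and pins the account to the `sub` claim after first login. Assumptions: the claims were already validated (signature, issuer, audience, expiry) by the Auth0 SDK, the `auth0_sub` column and all function names are hypothetical, and in-memory SQLite stands in for Postgres.

```python
import sqlite3

class LoginRejected(Exception):
    """Claims could not be mapped to exactly one local user."""

def make_demo_db():
    # Constructed sample rows; SQLite stands in for the Postgres users table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
               "email TEXT NOT NULL, auth0_sub TEXT UNIQUE)")
    db.executemany("INSERT INTO users (email, auth0_sub) VALUES (?, ?)",
                   [("alice@example.com", None),
                    ("bob@example.com", "auth0|constructed-bob")])
    return db

def resolve_local_user(db, claims):
    """Return the local user id for already-validated ID-token claims."""
    sub = claims.get("sub")
    if not sub:
        raise LoginRejected("missing sub claim")
    # Returning user: match on the stable subject id, not the email.
    row = db.execute("SELECT id FROM users WHERE auth0_sub = ?",
                     (sub,)).fetchone()
    if row:
        return row[0]
    # First login: fall back to email, but only if the IdP verified it.
    email = (claims.get("email") or "").strip().lower()
    if not email or claims.get("email_verified") is not True:
        raise LoginRejected("email missing or not verified")
    rows = db.execute("SELECT id, auth0_sub FROM users WHERE lower(email) = ?",
                      (email,)).fetchall()
    if len(rows) != 1:
        raise LoginRejected("no unique local user for this email")
    user_id, linked_sub = rows[0]
    if linked_sub is not None:
        # Email is already bound to a different identity; do not re-link.
        raise LoginRejected("email already linked to another identity")
    db.execute("UPDATE users SET auth0_sub = ? WHERE id = ?", (sub, user_id))
    db.commit()
    return user_id
```

Only the id returned by `resolve_local_user` should be placed in the application session; a `LoginRejected` should end the login rather than create or guess a user.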