Authentication API vs Management API for getting logged in user info

Hey there,

I am new to Auth0 and have just implemented the Authorisation Code Flow via Go by following the quickstart here. I think Auth0 is amazing product and really enjoyed the hassle-free implementation for a regular web app.

Our tech stack is Go + Echo, so I had to change a bit the provided example as it uses chi.

Our goal is to get user information for the logged in user from within the web app, so that we can grab its unique identifier, email and name and put them into our own application database so that we can have an entrypoint for app specific table relations.

We want to obtain this info on the backend (Go) during runtime and persist the info in our database. What is the best practice here - do we use the Auth API or the Management API, what are the consequences?

We also suspect we can also get most of the needed info from the user profile claim obtained in our callbackHandler function. This seems like the fastest option, however is it also the most secure and viable one?

Many thanks! Looking forward to your answers!

Hey there @valevaws welcome to the community!

Awesome :smile:

The easiest route from your backend is to call the userinfo with a user’s access token. The Management API is feasible, but definitely more involved.

You could indeed also rely on the claims within the ID token, but these could vary as opposed to the full data from /userinfo.

1 Like