Beginner question - how can i store some user id in my db, and what about cookies?

justbeginnerguy · March 19, 2023, 6:52pm

Hi,
I am migrating my user management system, from my own JWT-based, to Auth0.
For simple example, lets say that i have/had two tables:

Posts, with columns: “Content”, “Date”, “Username”
Users, with columns: “ID”, “Username”, “PassHash”, “PassSalt”
For now, every post entry in database, has Username field, in which i was storing username of user which created this post. I was obtaining that username, based on my own JWT Cookie, with some Claims.

So, i have got two questions:

How can i now save some user id/username/anything that can point to specific user at Posts table? What should i use? Of course i don’t mean asking You about usage of Entity Framework, but asking about what value i am looking for, and how to get that value after successful user login
If i want to get usernames for all of stored userids, what is the best/most effective way to do that? For example i will need to show a lists of users posts in a table, and there will be “user name” column, in which i will need to show user names of specific post. How to make it in a best possible way?
How can i maintain cookies? Do i need to maintain them? For now i have copied a lot from Auth0 .net core mvc quickstart guide, and everything is working, but while this code:

public IActionResult Profile()
        {
            return View(new UserProfileViewModel()
            {
                Name = User.Identity.Name,
                EmailAddress = User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Email)?.Value,
                ProfileImage = User.Claims.FirstOrDefault(c => c.Type == "picture")?.Value
            });
        }

is indeed working, when i’m trying to get all of these values inside other razor page, for example with:

User.FindFirst(ClaimTypes.Name)?.Value

I am always getting null. What am i doing wrong?
Program.cs:

    var builder = WebApplication.CreateBuilder(args);
    builder.Services.AddAuth0WebAppAuthentication(options =>
    {
        options.Domain = "XXXXXXXXXXXXXXXXXXXXXXXXXXX";
        options.ClientId = "XXXXXXXXXXXXXXXXXXXXXXXXXXX";
    });
    builder.Services.Configure<CookiePolicyOptions>(options =>
    {
        options.MinimumSameSitePolicy = SameSiteMode.None;
    });
(...)

Do i need to implement some middleware, to keep data recieved from Auth0 after login into some cookie?

Thanks in advance!

dan.woda · March 23, 2023, 4:46pm

Hi @justbeginnerguy

You can use the Auth0 user ID (present in the token as the sub claim).

There are different approaches here, but I suggest storing this info in your DB if it is linked to non-auth data like user content/posts. It’s possible to use the Auth0 management API to retrieve a list of users, but you will need to handle rate limits and do it via rest API and will need to reach out to your DB to get the user’s post anyway. It may be simpler to just use your existing DB.

Auth0’s SDKs usually handle the cookies for you. None of our quickstarts require any manual cookie settings or storage.