I am using a field in app_metadata to display the correct things to the user who has just logged in (it’s a single page web app). Is it good practice to send this field in the token via a rule? Or a separate API call? I’m having trouble finding out what the best practice for my system to receive users’ app_metadata is… Would be grateful for any help…
Hi @TuanaCelik,
Welcome to the Community!
You can use either. Which one you choose is mostly going to depend on how much app_metadata each user has. Typically the data in the token should be limited to authentication-related info, like a subscription tier or set of user’s roles. If the data can continue to scale up you may run into an issue with the token being too large. You want to avoid using the app_metadata or user_metadata in place of a dedicated user DB. I don’t have a specific size, but if you are concerned about it then a separate call may be best.
Hope this helps,
Dan
Hope this helps,
Dan
1 Like
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.