Best practice for migrating user ids

victoryun · February 17, 2021, 7:16pm

Hello,

We were wondering what the best practice is for migrating user ids. Currently, we are using a system of randomly generated user ids (~20 characters). I know that auth0 generates an identifier that looks like this 102437854499766869014 (21 characters).

In terms of security, we looked into uuidv4 which looks like ad076419-fde7-4940-b18c-1d86607491f0 and we weren’t sure what the best practices are for migrating these ids.

Should we migrate the current ids (~20 characters) into auth0 and use auth0’s generated ids in the future or keep our own set of ids?

Thanks!

stephanie.chamblee · February 18, 2021, 8:33pm

Hi @victoryun,

Thanks for joining the Community!

Auth0 stores user IDs as {identity provider id}|{unique id in the provider} or facebook|1234567890. This way within a tenant, a user’s ID will be unique.

If you plan to use a Custom Database , then the most important thing would be to structure the ID in a way that the IDs will not collide, for example:

function login (email, password, callback) {
  var user = getUserFromDB(email);
  var profile = {
    user_id: 'MyConnection|' + user.id,
    email: user.email,
    [...]
  };
  callback(null, profile);
}

If you’re interested in how you might use a UUID in user metadata in order to identify users in a universally unique way (not just unique within a tenant), you can take a look at the answer in this topic: Using another user identifier (UUID) than the user_id - #2 by jmangelo

Please let me know if that is the info you’re looking for. Thanks!

victoryun · February 18, 2021, 9:19pm

Thank you, I was wondering if I were to store a uuid (that I use in my DB) in app_metadata, is that feasible and secure?

stephanie.chamblee · February 19, 2021, 11:13am

Yes, you can use app_metadata to store external IDs associated with the user. It is recommended as one of the uses in the docs: Understand How Metadata Works in User Profiles

The app metadata is not automatically exposed to the application in an ID Token, but you can return it to the app by adding a custom claim: How to get user_metadata and app_metadata in id_token - #3 by James.Morrison

system · March 6, 2021, 11:14am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How user_id at auth0 created Help	8	8900	February 21, 2020
Importing User IDs from Another IDP to Auth0 Help user-management , user-import-export	1	793	September 1, 2023
Storing ID Best Practices -> Relationships in Database Help auth0 , api	3	5678	December 30, 2019
Meta data changed in source system Help auth0	6	4234	September 5, 2019
Using another user identifier (UUID) than the user_id Help user-creation , uuid , user_id	10	19385	March 2, 2018

Best practice for migrating user ids

Related Topics