Hi there,
I’m wondering what the best practice is for creating new user records in my backend DB with Auth0.
Read through the documentation and forum, yet haven’t found a definitive answer so want to double-check with the community.
I’m building a web app with an SPA (React) + API (Laravel) scenario and using universal login with Auth0 with both Social (Google) and Database email/password connections, so I can’t use Hooks as they work only with Database but not with Social connection.
For now, I see two options:
- Create a Rule which will send user data to my API/backend. The backend will check if this is a new user and will create a new user account if so. The user will then proceed with authentication, and when that user’s API access token eventually reaches my API from the SPA, the DB will already “know” that user.
Pro: I can add information on whether this is a new or returning user to the ID token, so the SPA will know that right away and can react respectively.
Con: as Rules are synchronous, this can increase user waiting time, and if the backend is slow or down in reply, it’ll negatively affect user experience as they will just see a loading spinner with no info on what’s happening until timeout.
- Whenever we have an unknown user (“sub” scope) in a JWT accessing the API from the SPA, we can trigger the Management API to request user details from Auth0 and create a new DB user record respectively.
Pro: might be faster for user experience, yet the SPA won’t know if this is a new or returning user once it gets the ID token until the API replies. Yet it might not be that big of a deal if we check that right away once the SPA has received the token from Auth0.
Con: we need an additional trip to the Auth0 Management API and potentially (read: hopefully) can reach rate limits if we have too many concurrent new users (e.g. over 1000 per minute).
So the question is: how do you solve that, and what is the best practice here?
thanks!
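
The second option above (creating the record when an unknown `sub` first reaches the API), as an added example that is not part of the original post and is not Auth0 or Laravel code; it is written in Python with SQLite so that it runs stand-alone. `provision_user`, `fetch_profile`, `ProfileUnavailable` and the `users` table are hypothetical names, the `sub` is assumed to come from an access token the API has already verified, and the sample `sub` value is constructed.

```python
import sqlite3

SCHEMA = """CREATE TABLE IF NOT EXISTS users (
    id    INTEGER PRIMARY KEY,
    sub   TEXT NOT NULL UNIQUE,  -- user id taken from the verified token
    email TEXT
)"""

class ProfileUnavailable(Exception):
    """Profile lookup failed (for example, rate limited); retry on a later request."""

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute(SCHEMA)
    return db

def provision_user(db, sub, fetch_profile):
    """Return (user_id, is_new) for the sub of an already verified access token.

    fetch_profile(sub) -> dict is a hypothetical stand-in for the profile
    lookup (such as a Management API request). It runs only for an unknown sub.
    """
    row = db.execute("SELECT id FROM users WHERE sub = ?", (sub,)).fetchone()
    if row:
        return row[0], False  # returning user: no external call at all

    # May raise ProfileUnavailable; nothing has been written at this point,
    # so the next request from the same user simply tries again.
    profile = fetch_profile(sub)

    # UNIQUE(sub) plus INSERT OR IGNORE keeps this idempotent: if a concurrent
    # request created the same user in the meantime, no second row appears.
    with db:
        cur = db.execute(
            "INSERT OR IGNORE INTO users (sub, email) VALUES (?, ?)",
            (sub, profile.get("email")),
        )
        is_new = cur.rowcount == 1
    user_id = db.execute("SELECT id FROM users WHERE sub = ?", (sub,)).fetchone()[0]
    return user_id, is_new

if __name__ == "__main__":
    db = open_db()
    lookup = lambda sub: {"email": "new.user@example.test"}  # constructed profile
    print(provision_user(db, "google-oauth2|constructed-123", lookup))  # first visit
    print(provision_user(db, "google-oauth2|constructed-123", lookup))  # returning
```

The `is_new` flag is what the API would return to the SPA on its first call, and the lookup cost is paid once per user rather than once per request.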