Hi,
I’m using Auth0 to manage and authenticate the use of a 3rd party API. We have the Social connection set up so that users can log in with that 3rd party. In our app we need to make authenticated calls to the 3rd party about 60x a sec. Usually this would not be a problem, but since our architecture is serverless we would need to call the Management API on every call. This would far exceed the Auth0 rate limit, thus we need to cache the social connection access token. We’re using Vercel and a Redis store to store the access token for that 3rd party, where the key would be an identifier and the value would be the 3rd party access token.
Once the user logs in with loginWithPopup, what's the best way to identify and store the tokens? We would have a /storeToken endpoint that takes a token that would call getUser and send that payload to the DB. Then for the following calls to our API we would pass that same token to look up in our DB so we can make authenticated 3rd party calls, but between getUser() and getTokenSilently(), what is the most secure token to send to that endpoint?