Hey Everyone,
For the past few months I have been building an iOS app using Vapor 3 as my backend. Initially I was using Vapor’s authentication/authorization library that comes standard. For the most part I felt pretty good until I was recommended Auth0. As far as the app goes, it’s a very basic CRUD app. A user logs in, and the backend would be called to retrieve only the list of items for that user.
The way I have Auth0 working now is not something I believe is correct.
First the user logs in. The response containing the access token and id token comes back. The access token is in the format of a string and gets stored in my keychain. When it comes time to add or get my list, I pass the access token to my backend. My backend calls the /userInfo endpoint in Auth0 to retrieve who the token belongs to and to validate it. Once it’s validated I can get the user who made the call.
Based on a few of the things i’ve come across I don’t believe this is correct as I keep reading that my access token should not be a string and should be some longer value. I am fairly new to the concept of auth tokens and what not and can really benefit from some guidance aimed towards beginners. Most of the docs i’ve found here seem more for a person who understands authentication
My second issue that I believe I am doing something wrong is how I have implemented a friend’s list. So I want users to be able to add each other as friends, however my database is storing the userID because that is the only thing that can stay the same. Emails and names can change and I don’t know how I can keep my database sync’d. So what I do when a user goes to the friends list, I first have to get a list of all the user IDs that the user is friends with. I then call one of the management APIs and pass in each of the userIDs to get an email. I feel like this approach is wrong as well as I have to call the management API every so often. I eventually get the Too Many requests. Is that from calling the API to validate my access token or is it from the way i’ve implemented my friend list?