I’m using a react front end app with a backend API server (on node). It’s an admin interface for car dealerships. I use a call to the userInfo endpoint in order to retrieve user and app metadata when a request is made to the API. (Basically I store info in the metadata indicating which dealership the user belongs to, in order to determine if the user has access to a specified resource on the back end.)
However, I realized that the ‘userInfo’ endpoint is throttled to 5 calls per minute.
So my solution does not seem scalable at all since I have to make at least one call per login even if I cache the user information. Can you guide me to a better solution to getting user and app metadata on API server?
There are many different solutions to this problem.
The solution our organization has taken is to use Auth0 only for authentication and then store the details of anything they have access to in our backend database.
So in your case you would store the relationship between a user and a dealership in your backend DB which you load on every request. This way Auth0 is purely for authentication purposes and not authorization purposes.
Yes, I am currently inclined to use the same strategy as well.
I was hoping Auth0 would have a more rounded solution on how to use roles and scopes (authorization). But since I’m unable to find any good documentation regarding this, the safer option might be to handle authorization in-house.
I just saw your thread. I think it will be super valuable for our product team to see such feedback. Can I kindly ask you to share your feedback step by step using our feedback site so our teams can make use of it in developing further improvements for the product? Thank you a lot!