Sorry for the late response, didn’t mean to leave you hanging! I’d say there are three ways to go:
-
When a user logs in, normally you’d find their user ID in your database. So, in the rare case you don’t (read: they’re a new user), use the data in the ID token to add them to your database
- Or, as a slightly different way of doing this, if you don’t find them in your database, make a call to the Management API with the user ID from the access token and add the user to your database
-
Don’t store any user info in your database and always use a server side Management API call to retrieve it
-
Create a rule in Auth0 that, on first login, contacts your application server and tells it what data it needs to add to the database. That way, once all the rules are run and the user is redirected to your app, the info is already in the database
I think those are your best ways to go, as they require the least amount of work and can be invisible to your user and the front-end application (I’m assuming you’re talking about a SPA with an API, but it would work basically the same for a regular web application).