I am first time user of auth0. I was able to create end to end flow between react front end and spring boot api by creating application and then API.
However few queries:
- How do i enrich metadata for user from spring boot, to update say payment plan ?
- I am currently using access token received from front end to call management api to get user info ?
- What is best way to save userID received during login process from backend spring boot services ?
This is my first time, so need to know if auth0 is secured enough, and above mechanism are secured too with jwt ?
Hi @cycoraxdev,
Welcome to the Auth0 Community!
You will want to request a management API token in your backend application and update the user via the management API.
https://auth0.com/docs/users/metadata/manage-metadata-api
The token you get is intended for the /userinfo endpoint. You could also use an ID token.
You can get the user id from the token via the sub claim.
Thanks Dan. So we should always use Management Token to Update User or its metadata from backend ?
So when user logins once, we should call saveUser on our backend with access token and extract sub claim and save it you meant ? How to identify if it first time user registration ?
It is possible to update the user_metadata from the frontend with a SPA management API token, but you will not be able to update the user’s app_metadata from frontend app.
If the the specific sub claim does not exist in your user db then you can assume it’s a new user. Make sure you are validate the token is a signed token from Auth0.