I’m currently tasked with migrating our entire auth flow away from our legacy implementation we maintain ourselves.
After doing a bit of research and getting started, I believe I have a overview of how this would work. However, as someone with very limited auth0 – frankly authentication/authorization altogether – experience, I’d much appreciate any feedback on my idea.
- React SPA utilizing redux for data flow, mostly interacting with a Flask API that mostly CRUDs into a postgres database
- Both the SPA and the API rely on a lot of user attributes like
disciplines, etc, none of which are important to define other than that these attributes sometimes determine which or how components are displayed and other times determine what the API does. All of this data is stored in our internal postgres database in a
Usertable which gets loaded into a Redux store after login.
- Move authentication and hopefully authorization into auth0. Playing with
auth0-reactfor the SPA right now
My idea of a solution:
- Enable automatic user migrations
- On new user registrations, add a post registration hook to populate our database with new user
- Add a rule on login, enrich the user response with these sort attributes from our database using
context.idToken['namespace' + 'attr']pattern seen in this github issue
- Remove all my redux stuff for the user and instead use the
useAuth0hook to get the user w/ these attributes and parse the attributes out with the same interface as the current redux user is accessed, then the SPA should be happy.
- Relatively simple, add api protection using the setup shown in this documentation but still have access to the user in our database should specific business logic rely on attributes mentioned earlier.
Does this seem like a viable solution or am I completely mis-using auth0 ? Likely somewhere in between, I’d gather. It feels to me, as a developer, like it could work but it’s not the “right” way to do this:
- Having to maintain the user in both our database (we also use an ORM so there too) and auth0 seems clunky.
- Keeping the two in sync will likely be cumbersome and have scaling issues.
- Having to pass up the attributes with the
idTokenpattern seems weird (I don’t understand why they have to be prefixed by a URI namespace, specifically)
Sorry it’s a longer read, but thanks for taking the time to do so and for the guidance!