I know this may be a stupid question, but I am new to Auth0. Let's say I was to make an e-commerce site. How would I tie the user stored in Auth0 to their Stripe ID? How would I also have an order tied to a user stored in Auth0? In the tutorials I have seen, it just shows users being able to log in and do anything as long as they are logged in. But how would I make it so a user could only do a certain thing under their name, like only post certain things and have that post stored under that user? Or, if it was an e-commerce site, have their orders stored under their profile?
For example, if I had users stored in my database I could access their info from my database and have their orders stored in an order table connected to users. How would I do this in Auth0?
Thanks in advance,
Jay
You won’t want to store order information in Auth0. Information stored in user_metadata and app_metadata should ideally be identity and authorization related data only, maybe with demographic stuff in user_metadata. Auth0 does not replace the need for an application database. Rather, Auth0 is the glue between your Identity Providers / identity repositories and your applications & APIs. (Auth0 can also be your identity repository as well if you like)
The usual model is: you have some concept of roles stored in a user’s profile, say a list of assigned roles stored in app_metadata.roles: []. You can then feed the list of roles to an application by adding the roles list to the user’s token. It is then up to your application to interpret the roles list and allow / deny access as appropriate.
You could store a user’s Stripe ID in metadata as well. Whether you should and how you would do it depends on your use case.
Thank you for your response. Just wondering: so I can use the user_metadata to determine who the exact user is and link them to their own profile in my app? So if I store their orders in my own database, should I have a reference in the database that includes the user ID, so when the user is authenticated that user can get their order list from the database by using their user ID? Could I also store the Stripe ID in there too?
Thanks again.
Jay
Hi John,
I think we do something like what you are talking about. For one of our applications, we store an application specific username in the user’s app_metadata. I would suggest using app_metadata for this, not user_metadata. app_metadata is for attributes the user should not be able to edit themselves.
So you could have something like:
    {
      "app_metadata": {
        "your_application": {
          "username": "janedoe"
        }
      }
    }
When the user logs in you will want to include that username attribute in the claim you send back to your application. You can use a rule to do this.
Thank you very much. This has made it much clearer now.
Another question though…
If I am using the Auth0 Lock, can I add my own logos in and remove the powered by Auth0 banner at the bottom?
Yes, you can add your own logo. As far as removing the “Powered by Auth0” banner – I’m not sure if you can remove that.
Hey johnjmac49. If you’re trying to get a JWT from Auth0 that allows access to your own API and database, I’d look at the Auth0 backend tutorials. You’ll need to receive and verify the JWT, then implement the authorization logic within your backend code.
For example, in .NET you could create an authorization attribute that authorizes a user to access specific parts of your API.
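    using System.Web.Http;

    // MyAuthorizationAttribute is your own custom attribute; the required scope is passed as a string
    [MyAuthorizationAttribute("read:myapi")]
    public class MyController : ApiController {
        public IHttpActionResult Get(int id) {
            // your GET endpoint logic here
            return Ok();
        }
    }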
Hello royce ,
I was thinking of using a GraphQL API from Express to connect with my front end, which will be React. For a custom UI instead of Lock, how would getting the user metadata be different than from using Lock? And if I have a user signing in and wanting to see particular stuff that only they should see, like orders or saved posts and stuff, should my application get their username via app user metadata and store a reference of their username in my db that is associated with the data like saved posts and orders? For example, if I hadn't used Auth0 and used Passport JS, I would have the users stored in my db and could just use an association with the saved orders or saved posts by joining the tables Users and Orders with user id as a primary key.
@johnjmac49
Apologies, I can’t really speak on what you should/should not store in your database. I’d definitely advise against duplicating information present in the Auth0 user data if at all possible, since you can always call out to the Auth0 API from your backend to get that info (assuming you’re not making those calls at rates that Auth0 might feel the need to throttle). What you store in your own database will be dependent on your needs.
I’d strongly recommend looking at the Auth0 documentation. These questions are mostly (if not entirely) answered in the docs. Just pick your technology of choice and read through the quickstarts.
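For the Express backend asked about above, one way to do the "verify the JWT, then authorize" step and tie orders to the Auth0 user, as an added example that is not part of any post in this thread. It assumes RS256-signed tokens, orders keyed by the token's sub claim (the Auth0 user ID), and a namespaced roles claim added by a rule; the issuer, audience, claim name, key pair and order rows are constructed so it runs offline.

```javascript
const crypto = require("node:crypto");

// Constructed stand-ins for a real tenant: issuer, audience, roles claim name, key pair.
const ISSUER = "https://tenant.example/";
const AUDIENCE = "https://api.shop.example";
const ROLES_CLAIM = "https://shop.example/roles"; // assumed to be added by a rule
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");

// Demo helper only: plays the identity provider so the example runs offline.
function issueToken(claims) {
  const head = b64({ alg: "RS256", typ: "JWT" }) + "." + b64(claims);
  return head + "." + crypto.sign("sha256", Buffer.from(head), privateKey).toString("base64url");
}

// Check algorithm, signature, issuer, audience and expiry; return the claims or throw.
function verifyToken(token) {
  const [h, p, s] = String(token).split(".");
  if (!h || !p || !s) throw new Error("malformed token");
  if (JSON.parse(Buffer.from(h, "base64url").toString()).alg !== "RS256") throw new Error("unexpected alg");
  const sigOk = crypto.verify("sha256", Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, "base64url"));
  if (!sigOk) throw new Error("bad signature");
  const claims = JSON.parse(Buffer.from(p, "base64url").toString());
  if (claims.iss !== ISSUER || ![].concat(claims.aud).includes(AUDIENCE)) throw new Error("wrong iss/aud");
  if (typeof claims.exp !== "number" || claims.exp * 1000 <= Date.now()) throw new Error("expired");
  return claims;
}

// Application database (constructed rows): each order stores the owner's Auth0 user ID.
const orders = [
  { id: 1, owner: "auth0|aaa111", item: "keyboard" },
  { id: 2, owner: "auth0|bbb222", item: "monitor" },
];

// The owner always comes from the verified token's sub claim, never from request input.
function listOrders(token) {
  const { sub } = verifyToken(token);
  return orders.filter((o) => o.owner === sub);
}

// Same null result for "no such order" and "not yours", so order IDs cannot be probed.
function getOrder(token, orderId) {
  const claims = verifyToken(token);
  const order = orders.find((o) => o.id === orderId);
  const isAdmin = (claims[ROLES_CLAIM] || []).includes("admin");
  return order && (order.owner === claims.sub || isAdmin) ? order : null;
}
```

In a real service the public key comes from the tenant's JWKS endpoint and a maintained JWT library does the verification; the ownership filter on sub stays the same.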
Hey there!
Sorry for such a huge delay in response! We’re doing our best to provide you with the best developer support experience out there, but sometimes our bandwidth is not enough compared to the number of incoming questions.
Wanted to reach out to know if you still require further assistance?