I understand that ID tokens are not meant for authentication/authorization of an API. But is it ok to send an ID token along with the access token to an API? If we use the access token for authentication/authorization, is it ok to use the ID token to store some of the user properties in a database for example? This would avoid having to make a separate call to /userinfo in the backend API.
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| API is converting username to lowercase | 6 | 6146 | March 2, 2018 | |
| Lower case user Id in profile or custom registration rule to make sure user_id is all lower case | 3 | 4382 | January 4, 2019 | |
| Feature request: add option for case sensitive username | 2 | 3437 | January 9, 2020 | |
| Auth0 Application Users Have Email and Username Saved in the Lowercase | 1 | 2758 | June 7, 2022 | |
| Search for Users by Email with Auth0 Management API Endpoint | 1 | 775 | January 31, 2024 |