I noticed this unanswered but closed question (Best Practice for storing User Profile attributes) and am really searching hard for a solution or Auth0 won’t be a suitable alternative to Azure B2C at my organization.
When storing lots of user attributes in Auth0 per the docs (User Data Storage), this incurs a major performance impact. Auth0 doesn’t provide any mechanism to efficiently query user attributes. It’s all-or-nothing.
Does that mean I shouldn’t be storing user attributes of any kind in Auth0 and instead roll my own solution to handle user preferences? Or should I limit those user preferences to very particular pieces of information? If so, what information goes in Auth0? Is there a working example project I can reference for enterprise scaling?
The docs say data should be in an external database only when it’s “data unrelated to user authentication”. If that’s the case, then rolling my own user attributes solution doesn’t match up with Auth0’s documented best-practice.
Based on some logical assumptions, the docs are wrong or don’t fit with any kind of enterprise scaling. The best practice is to always roll your own solution for user preferences unless you either don’t have the resources for custom solutions or don’t care about server load or request latency.
Is there some information someone can provide to clarify or discount my claim?
Where we ended up was storing very little information in the user or app metadata fields. We only store fields that are directly used as part of the sign in or sign up process.
i.e., things like an ID reference back to our local database users table, a timestamp to indicate if the one-time onboarding experience was completed, profile image URL, etc.
After trying several different layouts it proved easiest to store the info in our local database, as the rest of our application needed this information, and we didn’t want to be hitting Auth0 APIs for this information frequently.
@mholtzman, how do you handle creating new users in your system? Do you create them directly in Auth0 and then create a record in your local database, or do you handle all that locally and let Auth0 migrate the new user during the first login?
Hello, so we let the User get automatically created in Auth0 as part of the standard Sign up flow.
We then have code in our application that on certain actions checks to see if the logged in User already exists in our system and if not it gets created.
We then have a system in our application where, when a user updates their profile (in our app), we make a POST to Auth0 to update the appropriate user or app metadata fields for the given User.
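
The flow described in the reply above, as an added example that is not code from the thread or from Auth0: the local row is created on first sight of a logged-in user, and a profile edit is written locally while only a small allowlisted subset is returned as the metadata body to send to Auth0. The table layout, the function names, and the choice of which fields are mirrored are assumptions, and `claims` is assumed to come from an ID token the application has already verified.

```python
import sqlite3

# Assumption: only these profile fields are mirrored to Auth0; the rest stay local.
TO_USER_METADATA = {"picture_url"}
TO_APP_METADATA = {"onboarding_completed_at"}
EDITABLE = TO_USER_METADATA | TO_APP_METADATA | {"theme"}  # "theme" is local-only


def open_db():
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, auth0_sub TEXT UNIQUE NOT NULL,"
        " email TEXT, picture_url TEXT, onboarding_completed_at TEXT, theme TEXT)"
    )
    return db


def get_or_create_user(db, claims):
    """Map already-verified ID token claims to a local row: (user_id, created)."""
    sub = claims["sub"]  # stable Auth0 user id; email can change, so never key on it
    # The UNIQUE constraint plus INSERT OR IGNORE keeps repeated first requests to one row.
    cur = db.execute("INSERT OR IGNORE INTO users (auth0_sub, email) VALUES (?, ?)",
                     (sub, claims.get("email")))
    db.commit()
    row = db.execute("SELECT id FROM users WHERE auth0_sub = ?", (sub,)).fetchone()
    return row[0], cur.rowcount == 1


def link_body(user_id):
    """Body that stores the local id reference in Auth0 after first creation."""
    return {"app_metadata": {"local_user_id": user_id}}


def update_profile(db, user_id, changes):
    """Apply a profile edit locally; return the metadata body for Auth0 ({} = no call)."""
    unknown = set(changes) - EDITABLE
    if unknown:  # reject anything outside the allowlist, e.g. a client-supplied role
        raise ValueError(f"unsupported profile fields: {sorted(unknown)}")
    for column, value in changes.items():  # column names were checked against EDITABLE
        db.execute(f"UPDATE users SET {column} = ? WHERE id = ?", (value, user_id))
    db.commit()
    body = {}
    for key, fields in (("user_metadata", TO_USER_METADATA), ("app_metadata", TO_APP_METADATA)):
        subset = {k: v for k, v in changes.items() if k in fields}
        if subset:
            body[key] = subset
    return body
```

An empty dict from `update_profile` means the edit touched only local fields, so no request to Auth0 is needed for it.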