We have been looking for an OAuth solution in the market and Auth0 perfectly fits the bill, except for a small concern. From what I have seen, it seems like Auth0 stores user profile information as users are authorised. There is a concern over user information not being shared with a third party and we are looking at ways to authorize users without storing user data in Auth0 itself. Is such a thing possible? We will be supporting SAML, OIDC and LDAP on the client side and token-based authentication on the server side for services. Is it possible to go ahead with Auth0 and the above authentication protocols without storing any user data on Auth0?
It’s not possible, at the moment, to keep Auth0 from storing the user information. You can, of course, restrict the information asked (or provided) by the downstream identity provider to a minimum, but whatever is received is stored.
If storing information in our servers is a concern, you might want to explore our other deployment models where Auth0 can run directly in infrastructure controlled by you.
I was not aware of the deployment models! Thanks for the info and the link. I believe this should help us in proceeding with Auth0. Time for some discussions.