I’m using Auth0 to authenticate and authorize users in my Cordova app using the Auth0 Cordova plugin: https://github.com/auth0/auth0-cordova.
The app supports two types of users, A and B. When the user logs in for the first time (a signup), the type is “unknown” and the user must select a type, either A or B. Once the user selects a type, they need to complete a form with some required information. An account gets created in our database ONLY after the user finishes the form (where they have to select either type A or B). This means that the user is an Auth0 user but may not have an account.
The JWT token contains some information that we inject via a Rule that we later use to provide access to certain data in our database.
The problem I currently have is that, when the signup happens, we do not have an Account yet, meaning that I’m not able to inject the Account ID in the JWT token, and the user does not have access to certain data in our database.
The current solution I have is very simple: when the user signs up and completes the account, I perform a logout and I ask the user to verify the account and log in again. The UX is not great, but “it works”, because, when the user logs in, Auth0 makes a request via a Rule, and grabs the account ID.
Another solution would be to make the Auth0 ID (I think it’s called sub) the ID in the database, and only provide access to the data via that ID, as a key field, but the problem is that the database already exists, and there are a lot of tables depending on a UUID instead, which is auto-generated.
My thinking right now is maybe I can re-generate the JWT token after the user signs up. Ideas?
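
The situation described in the post, as an added example that is not part of the original post: a function with the Auth0 Rule signature adds the account ID as a namespaced claim, and a token issued before the account exists keeps lacking it until a new token is issued. The namespace, the claim names and the `lookupAccountId` helper are hypothetical, and the in-memory map is a constructed stand-in for the accounts database.

```javascript
// Added example. NAMESPACE, the claim names and lookupAccountId are hypothetical.
const NAMESPACE = 'https://example.com/';

// Builds a function with the Auth0 Rule signature (user, context, callback).
// lookupAccountId(sub, cb) stands in for the request the rule makes to the backend.
function makeAccountRule(lookupAccountId) {
  return function accountRule(user, context, callback) {
    lookupAccountId(user.user_id, (err, accountId) => {
      // Fail the login rather than issue a token whose account state is unknown.
      if (err) return callback(err);
      context.accessToken = context.accessToken || {};
      if (accountId) {
        context.accessToken[NAMESPACE + 'account_id'] = accountId;
      }
      // Explicit status so the API can tell "no account yet" from a missing claim.
      context.accessToken[NAMESPACE + 'account_status'] = accountId ? 'active' : 'pending';
      callback(null, user, context);
    });
  };
}

// Walks through signup, account creation and the next login.
function simulate() {
  // Constructed accounts table: Auth0 user_id (sub) -> account UUID.
  const accounts = new Map();
  const rule = makeAccountRule((sub, cb) => cb(null, accounts.get(sub) || null));
  const user = { user_id: 'auth0|constructed-user' };

  // Runs the rule once and returns a copy of the claims, like a token issued at that moment.
  const login = () => {
    let claims;
    rule(user, { accessToken: {} }, (err, _user, ctx) => {
      if (err) throw err;
      claims = { ...ctx.accessToken };
    });
    return claims;
  };

  const first = login(); // signup: no account row exists yet
  accounts.set(user.user_id, '7b1e6c1e-0000-4000-8000-000000000001'); // form completed
  const second = login(); // next login after the account was created
  // "first" is unchanged by the account creation: issued claims are a snapshot.
  return { first, second };
}

console.log(simulate());
```
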