I’m working on a service where I’d like to save as little information about my users as possible. I’d like to encourage them to sign up with Google or similar for instance (for the convenience), but in an ideal world, I’d only like the external ID from the social provider to be saved with Auth0, and nothing else.
What I want to achieve is me knowing as little as possible about the users identity, but preserve the convenience of being able to use social providers etc.
Is this a reasonable idea, or am I best off solving this some other way?
You can restrict login to just the 3rd party identity providers you want to use (don’t allow email / username signup in an Auth0 hosted database). The data you get back from the 3rd party IdP varies by IdP, but you do have some control over what you get back. E.g., for Google the “Basic” and “Extended” profiles are required, but everything else is optional.
