For my MERN stack application with next js I am currently using @auth0/nextjs-auth0 on the frontend for the user to login, then the user object can be used to authenticate on the frontend which has the information of:
email:
email_verified:
name:
nickname:
picture:
sid:
sub:
updated_at:
I am at a point now where I need to authenticate users calls to the server through middleware.
I have spent quite a while trying different implementations but nothing seems to be working.
Do I need to request an access token for each user after they login? How can I do that?
And what is the best way to authenticate the user through my server middleware?
bonus question: I am currently using the user.sub as their unique identifier when I add them to my database so I can relate their data to their auth0 login account, is this the best way to do it?
Whenever a user successfully authenticates with your app, an access token is issued. This means that each authenticated user receives an access token to access your application. You can use the getAccessToken() method to retrieve this token.
You can specify the API in the audience query parameter to authenticate users against an API using the authorization code flow. In the handleAuth function, you can configure your environment variables to include the audience.
Yes, the user.sub claim refers to the user_id, which is an immutable, unique identifier associated with a specific user. This should be fine.