
Integrating with backend database


#1

Somewhat of a beginner with Auth0 here!

I've set up auth for a single page app for vuejs/express using the tutorial. So far this has worked fine.

I have a mongodb database that contains the user info that I don’t want to store in Auth0. My understanding is that this should be keyed by the Client_ID as this is unique to the user. I believe this should be done by using rules, and calling some sort of “new user” api on my app. The only issue is how do I identify that Auth0 is calling it? For instance, this would be the process I think:

User goes to site -> Sign up using Auth0 -> Rule calls “new user” Api on my backend -> User logged in

For the highlighted part, how can I identify that auth0 is calling my API, not some random person?

Additionally, once that is done, it is unclear to me how I can get the client_id from the user. The examples I saw used jwt to create the node “authCheck” middleware. This checks the token, but how can I get the client_id to get the data from my internal database? If someone could point me to a tutorial or article that would be great! I admit I am getting a little lost with the amount of various tokens, IDs and other things.

Thanks!


#2

Simplest is to generate a secret - and include that secret in your rule as a parameter passed to the API call. If the secret is what you expect, the call is from auth0 – if not, it's rogue and ignore the call. This is assuming you are passing over HTTPS and preferably a POST.

Second question is more specific to your api tech – so can't help you there
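
The shared-secret check described in the reply above, sketched for a Node backend as an added example (not part of the original post and not Auth0's code). The header name `x-rule-secret`, the `user_id` body field, the function names and the sample values are assumptions; the `Map` stands in for the MongoDB collection.

```javascript
// Added example: all names below are hypothetical, sample values are constructed.
const { createHash, timingSafeEqual } = require('crypto');

// Compare the presented secret with the expected one in constant time.
// Hashing first gives both buffers the same length, which timingSafeEqual requires.
function secretsMatch(presented, expected) {
  if (typeof presented !== 'string' || typeof expected !== 'string' || expected === '') {
    return false; // missing header or unset secret must never authenticate
  }
  const a = createHash('sha256').update(presented).digest();
  const b = createHash('sha256').update(expected).digest();
  return timingSafeEqual(a, b);
}

// Framework-free core of the "new user" endpoint.
// req = { method, headers, body }, the same shape Express hands to a route
// (header names arrive lowercased). Returns the status and body to send back.
function handleNewUser(req, expectedSecret, store) {
  if (req.method !== 'POST') {
    return { status: 405, body: { error: 'POST only' } };
  }
  if (!secretsMatch(req.headers['x-rule-secret'], expectedSecret)) {
    return { status: 401, body: { error: 'unauthorized' } }; // rogue call: ignore it
  }
  const userId = req.body && req.body.user_id;
  if (typeof userId !== 'string' || userId === '') {
    return { status: 400, body: { error: 'user_id required' } };
  }
  // Idempotent: a repeated call for the same user does not overwrite the record.
  if (!store.has(userId)) {
    store.set(userId, { createdAt: Date.now() });
  }
  return { status: 204, body: null };
}

// Constructed requests: one carrying the right secret, one guessing.
function demo() {
  const secret = 'constructed-secret-value'; // in practice read from configuration
  const store = new Map();
  const good = { method: 'POST', headers: { 'x-rule-secret': secret },
                 body: { user_id: 'constructed|user-1' } };
  const bad = { method: 'POST', headers: { 'x-rule-secret': 'guess' },
                body: { user_id: 'constructed|user-2' } };
  return [handleNewUser(good, secret, store).status,
          handleNewUser(bad, secret, store).status,
          store.size];
}
```

The same secret has to be configured on both sides, and the endpoint should only be reachable over HTTPS, as the reply assumes.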


#3

Thanks for your reply, this sounds sensible and I will look into it. Re. the second point, what I mean is, how do I use the “Bearer” access token, to find out the client_ID from auth0. Without this I can’t link the user to the data I created in step 1. Essentially I am looking for a way to go from:

Access Token -> client_id & profile