Auth0 Home Blog Docs

Is it ok to expose user_id to public?

user_id

#1

Hi,

Correct me if I’m wrong: there’s the user_id field in Auth0 response which is the user primary key (as far as I’m concerned, not the internal systems in auth0). Now is it ok and safe to expose it to public? I need to provide some sort of user profile functionality which others can see. Thanks.


#2

Hey there @rad.wildrydes.d2ecf5. I checked with our TSE team and confirmed that ideally you would not want to over publicize the user primary key to be safe, however you could utilize the user’s email address and share/reference that in a public environment. Please let me know if you have any further questions.


#3

Yup, I have the same feeling. So the issue is I need to maintain some user-specific info (let’s call it profile) on my side. I don’t like to make user_id as the primary key. it makes it two columns. Then I don’t want to expose my primary key (essentially a int or long number), so another column for public ID. That’s why I asked this question.
The email is not an option since a user might have two email address. Any other suggestion? (I got the answer to the question anyway :slightly_smiling_face: )


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.