I’m kind of new to Auth0 authentication and have been stuck for a while trying to figure out the best approach for my backend application to be able to “recognize” users logged in on the front end.
My idea is quite straightforward: send the sub claim from the access token directly to my backend.
To be fair, I’m afraid my approach is so simple that it poses a vulnerability for user info.
The best practice here is to use an access token (which contains the user’s sub claim) against your backend. Your backend should verify the access token.
I definitely recommend checking out the examples at developer.auth0.com. There are lots of options with regard to tech stack that should be useful.