Is it safe to directly send user ID to a backend DB?

Hello all,

I’m kind of new to Auth0 authentication and been stuck for a while trying to figure out the best approach for my backend application to be able to “recognize” users logged-in in the front-end.

My idea is quite straightforward: send the sub claim from the access token directly to my backend.

To be fair, I’m afraid my approach is so simple that poses a vulnerability on user info.

Thanks in advance.

Hey there @alb.blazquez.h !

The best practice here is to use an access token (which contains a user’s sub claim) against your backend - Your backend should verify the access token.

I definitely recommend checking out the examples at developer.auth0.com. There are lots of options with regards to tech stack that should be useful :slight_smile: