Is it safe to directly send user ID to a backend DB?

Hello all,

I’m kind of new to Auth0 authentication and have been stuck for a while trying to figure out the best approach for my backend application to be able to “recognize” users logged in on the front end.

My idea is quite straightforward: send the sub claim from the access token directly to my backend.

To be fair, I’m afraid my approach is so simple that it poses a vulnerability for user info.

Thanks in advance.

Hey there @alb.blazquez.h !

The best practice here is to use an access token (which contains a user’s sub claim) against your backend. Your backend should verify the access token.

I definitely recommend checking out the examples at developer.auth0.com. There are lots of options with regards to tech stack that should be useful 🙂
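
A sketch of the backend check described in the reply above, as an added example that is not part of the original thread or Auth0's own code: the API verifies the token's signature, algorithm, issuer, audience and expiry, and only then reads `sub`. It assumes an HS256-signed token with a constructed secret, issuer and audience so that it runs offline with the standard library; all function names are hypothetical, and an API whose tokens are RS256-signed would instead verify against the tenant's published keys with a maintained JWT library.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values (assumptions); a real API uses its own tenant's settings.
SECRET = b"constructed-demo-signing-secret"
ISSUER = "https://tenant.example.invalid/"
AUDIENCE = "https://api.example.invalid"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def sign_token(claims: dict, alg: str = "HS256") -> str:
    """Stand-in for the authorization server; only builds sample tokens."""
    head = b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url(mac(head + '.' + body))}"

def verified_sub(token: str, now=None) -> str:
    """Return the sub claim only after signature, alg, iss, aud and exp pass."""
    try:
        head, body, sig = token.split(".")
        sig_ok = hmac.compare_digest(mac(f"{head}.{body}"), b64url_decode(sig))
        header = json.loads(b64url_decode(head))
        claims = json.loads(b64url_decode(body))
    except (ValueError, TypeError) as exc:
        raise PermissionError("malformed token") from exc
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        raise PermissionError("malformed token")
    # Pin the expected algorithm; never let the token's header choose it.
    if header.get("alg") != "HS256" or not sig_ok:
        raise PermissionError("bad algorithm or signature")
    aud = claims.get("aud")
    if claims.get("iss") != ISSUER or AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise PermissionError("wrong issuer or audience")
    exp, sub = claims.get("exp"), claims.get("sub")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise PermissionError("token expired")
    if not isinstance(sub, str) or not sub:
        raise PermissionError("missing sub")
    return sub  # key database lookups on this value, never on a client-sent ID
```

A bare user ID sent in a request body or header carries no such proof, which is why the backend derives the user from the verified token rather than from a separate field.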
