Is registering Users and getting user meta through Management API a bad practice?

Hi,

We are building a MERN stack single page app.

We got the following use cases

• Registering users on our website without redirecting them to Auth0 hosted registration page and we are using Management API on our backend to handle user registration. In this transaction, we are also storing some additional information related to that user in user_metadata

• User authentication upon successful registration. So far Resource Owner Password Flow seems to be the best best option for us to handle the user authentication.

• Authenticating users without redirecting them to Auth0 hosted login page. After some digging, I ended up using Resource Owner Password Flow to handle the authentication through our backend.

I saw somewhere that Management API has a rate limit but as per our use case, we need to store subscription related information related to the user while creating their accounts through Management API and user_metadata is what holds that info.

Now upon authentication using Resource Owner Password Flow , we want to grab user roles, permissions and user_metadata in one API call. Is it possible?

Please help me out what are the best practices as per our use cases.

Thank you.

Hi @assadullahch

As you are aware, management API rate limits will cause you issues if you are making requests for every user. Instead of fetching this information from the management API, you can add it to the token in a custom claim.

• add roles to tokens
• add metadata to token
• add permissions to token with RBAC

Thanks very much. I will look into these and get back if I got any other question.

Thanks again!

No problem. Great, let us know.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.