Is this a good way of identifying users in the backend?

TheScannerGuy · August 16, 2022, 6:40am

I have a angular SPA on the frontend and a python flask API on the backend. I’m using Auth0 to authenticate the user. So on the frontend the user logs in and uses the user information to interact with the backend API.

What I want to do is to send the sub claim of the JWT and the user’s name in each request to the API. The API will then store the sub claim as the user’s id and the user’s name so it can identify the user.

Is this the most efficient way of doing it or am I missing something? Is it also secure storing the users name with the sub claim on my database?

dan.woda · August 24, 2022, 8:36pm

Hi @TheScannerGuy,

Welcome to the Auth0 Community!

You’d typically have the SPA making requests to your backend API with an access token instead of just sending the sub/user’s name. The token lets your API know the request is legitimate.

The sub claim is how you can identify the user in your DB. The access token will include the sub claim, which your API can use to associate the Access Token/request/user with a user in your DB.

This resource covers the scenario in depth: Single-Page Applications (SPA) with API

Topic		Replies	Views
Is it safe to directly send user ID to a backend DB? Help security-question-concern , security-compliance	2	288	June 6, 2024
What is the best approach to associate user information in my backend API? Help jwt , api	2	2241	August 9, 2021
Get User Data Server Side - what is a good approach? Help spa , data , get-user-info-using- , server-api	3	7977	July 25, 2019
Best Practices for Internal User Entity with Auth0 Help apis , application	3	38	October 1, 2024
How to use opaque token in Flask Backend? Help angular , auth0 , flask	2	3686	June 3, 2021

Is this a good way of identifying users in the backend?

Related Topics