Is this a good way of identifying users in the backend?

I have an Angular SPA on the frontend and a Python Flask API on the backend. I’m using Auth0 to authenticate the user. So on the frontend the user logs in and uses the user information to interact with the backend API.

What I want to do is to send the sub claim of the JWT and the user’s name in each request to the API. The API will then store the sub claim as the user’s id and the user’s name so it can identify the user.

Is this the most efficient way of doing it or am I missing something? Is it also secure storing the user’s name with the sub claim in my database?

Hi @TheScannerGuy,

Welcome to the Auth0 Community!

You’d typically have the SPA making requests to your backend API with an access token instead of just sending the sub/user’s name. The token lets your API know the request is legitimate.

The sub claim is how you can identify the user in your DB. The access token will include the sub claim, which your API can use to associate the Access Token/request/user with a user in your DB.

This resource covers the scenario in depth: Single-Page Applications (SPA) with API
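The approach in the answer above, sketched as an added example (not code from the thread or from Auth0): the API validates the bearer access token and takes the user id from the verified `sub` claim, ignoring any `sub` the client puts in the request body. It assumes an HS256-signed token with a shared secret so it runs on the standard library alone; for RS256-signed tokens, verify with a JWT library against the issuer's public keys instead. `ISSUER`, `AUDIENCE`, `SECRET` and all function names are hypothetical.

```python
import base64, hashlib, hmac, json, time

# Constructed values for illustration (assumptions, not real tenant settings).
ISSUER = "https://example-tenant.invalid/"
AUDIENCE = "https://api.example.invalid"
SECRET = b"constructed-demo-signing-secret"

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, secret=SECRET, alg="HS256"):
    """Build a constructed sample token (stands in for what the issuer returns)."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def verified_sub(authorization_header, now=None):
    """Return the sub claim of a valid bearer token, or None if any check fails."""
    now = time.time() if now is None else now
    try:
        scheme, token = authorization_header.split(" ", 1)
        head, body, sig = token.split(".")
        if scheme.lower() != "bearer":
            return None
        # Pin the algorithm: never let the token header choose it.
        if json.loads(_b64d(head)).get("alg") != "HS256":
            return None
        expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64d(sig)):
            return None
        claims = json.loads(_b64d(body))
        aud = claims.get("aud")
        audiences = aud if isinstance(aud, list) else [aud]
        if claims.get("iss") != ISSUER or AUDIENCE not in audiences:
            return None
        if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
            return None
        return claims.get("sub")
    except (ValueError, AttributeError, TypeError):
        return None

def identify_user(headers, json_body):
    """Identity comes only from the verified token; a 'sub' in the body is ignored."""
    return verified_sub(headers.get("Authorization"))
```

In a Flask view, `request.headers` can be passed as `headers`, and a `None` result maps to a 401 response.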