Is this a good way of identifying users in the backend?

dan.woda · August 24, 2022, 8:36pm

Welcome to the Auth0 Community!

You’d typically have the SPA making requests to your backend API with an access token instead of just sending the sub/user’s name. The token lets your API know the request is legitimate.

The sub claim is how you can identify the user in your DB. The access token will include the sub claim, which your API can use to associate the Access Token/request/user with a user in your DB.

This resource covers the scenario in depth: Single-Page Applications (SPA) with API

Topic		Replies	Views
SPA + Rails API passing auth0_id from front end to back - Best Practice Get Help	6	3621	July 3, 2019
Is it safe to directly send user ID to a backend DB? Get Help security-question-concern , security-compliance	2	437	June 6, 2024
What is the best approach to associate user information in my backend API? Get Help jwt , api	2	2339	August 9, 2021
Get User Data Server Side - what is a good approach? Get Help spa , data , get-user-info-using- , server-api	3	8075	July 25, 2019
Extract user_id from token in backend Get Help jwt , auth0	3	2632	January 19, 2021

Is this a good way of identifying users in the backend?

Related topics