Struggling with some concepts on implementing Auth0. I have a backend that currently implements ASP.NET Core, though passwords were hashed before this implementation, so I use a custom password validator.
So I have:
- a website that users log onto to manage their account, place orders, etc… (ASP.NET Core Identity)
- A custom database that stores customer data, orders, licenses, etc…
- I also have a WinForms app that (currently) calls to a web service and just passes username/password to activate software, etc…
- Coming mobile app (which is what is driving the migration to IdaaS)
Originally I was just going to put IdentityServer on top of my custom stuff, but I’d rather be hands off, so Auth0 seems like a better bet.
Struggling with a few concepts on the implementation.
Let’s start with one of my bigger issues. I will obviously update the WinForms app to use the Auth0 login flow. However, I have old users that are incapable of upgrading for various reasons, so I need to keep this web service in place at least for a while. I planned to update my web service to validate the username/password through the Auth0 API instead of my own database, but this seems like it’s been deprecated and no longer functional? Is that correct? This is problematic.
New user wants to place an order from my ASP.NET Core website. They hit the Auth0 login screen and register there. How do I instantly get them into my custom database? It looks like there are hooks and things, but I don’t really trust that in case something goes wrong. In the ASP.NET Core default templates, if you register or log on with a social connection, FB, Google, etc… after you authenticate it sends you to a “Great, you’ve authenticated, but now you need to create your account”. Is there such a sample for that? Is that the best way to go? Seems so… does anyone else have a similar implementation or another approach that works better?
For existing users I’m thinking of just doing the bulk import from the import tool and forcing a password reset rather than the trickle migration? This isn’t really a question, more of a thought. Has anyone done this and regretted it?
Password changes, profile updates, etc… do I just keep my existing ASP.NET Core pages in place for this and call to the Auth0 APIs to do this?
For username/password logins (existing users), how do I let them add social connections so they can log in with either/or? This is a current capability in ASP.NET Core Identity, but I don’t see a similar concept in Auth0.
Profile data. Where’s the “line” as far as what I should store in Auth0 vs my own db? First name, last name, etc… but I also have shipping addresses, billing addresses, gender, birthdate, “where’d you hear about us?”. Obviously there will be some duplication in data such as name, but I’m just curious where others have drawn the line as “this is what’s in Auth0, this is what’s in my CRM”.
Importing users with social connections: It seems like you can’t import social. Is this something that can be added later? I have another app where there are users that only have social connections. I can pull this info cleanly to the bulk import tool but obviously need to import social connections. I’d like to move it to Auth0 as well but don’t see a path unless this is possible.