I’m struggling to clearly understand the flow of obtaining user app_metadata after an authenticated user sends a request to my Resource Server with an Access Token.
I’ve seen previous answers on Stack Overflow, but they didn’t clarify things enough.
For example, the information I need to obtain is users
234 ) and
Can this information be loaded on the Access-Token? If not, does this mean that my Resource Server has to call the authorization server (Auth0) each time to check these parameters? B/C I see that the ID token isn’t being sent with the request.
Is this the best practice? Doesn’t it bring a latency toll to call the Authorization Server to check these details on each request?