I’m new to Auth0. I have the following questions about the PostLogin Action.
First of all, I will explain my use case:
I want to store more information about the user that signed in, for example first name, last name and so on. Therefore the PostLogin Action does a redirect to my own Angular app. This additional user information will be stored in a private database. For the private database I’ve created a GraphQL API to manage the data.
The GraphQL API is secured by a JWT access token.
I’m not sure how to store the additional user information securely.
Should I do a request from the Angular App to store the data in my database?
Should I create a JWT with the data as payload and send it back to the Auth0 continue Action, and the Action will call my GraphQL API to store the data?
If I choose the second solution, I need to build a server-side function to create this JWT, and how do I secure this server-side function?
Generally I don’t have an access token in this workflow, so can I use the JWT that was created by the PostLogin Action to call the GraphQL API?
I hope I have pointed out my problem clearly, so that you may have a solution for me.