Is there any problem with revealing user id in network request like is it ok from your side or we should not use user id in network request
I don’t believe there is an issue as I’m seeing an example in our docs of doing this (Get Management API Tokens for Single-Page Applications). The user ID is revealed in the ID Token and (and most Access Tokens) in network requests that Auth0 returns.
Like what I am trying to do is I using auth0 user Id to maintain another 3rd party users data so is it okay to reveal autho0 userid with other 3rd party api service
To make sure I understand, you are maintaining your user’s data in another 3rd-party service, correct? Is the third-party service protected/private to your account?
Yeah we are on the same page
I am using 3rd party service to store users activity such as likes and comments and using the auth0 to map it as user activity
We have many 3rd-party integrations that do this in our marketplace (https://marketplace.auth0.com/), and so this sounds appropriate.