So, fairly common situation here, but I’ve not seen an elegant solution so I’m asking.
SPA → Laravel Backend.
I’m going to use the implicit flow which is recommended. I understand it all and can get it to work just fine, but I’m at a loss as to when/how I should persist my users to Laravel. When I get the access token from the SPA, it should have the sub (Auth0 ID) in it, but I’m not sure when and how I should get and persist the user info to my local Laravel DB, which I need to do because reasons.
If every time I check the access token, I hit the Auth0 API for the user info, that seems like a huge waste and takes an unacceptable amount of time.
I’m thinking of adding something to the callback after login, to make a request to a Laravel “me” endpoint with the data from the ID token before requesting any API data, that can do an upsert on the user, and then, once it returns successfully, I can go about requesting the data from there. Does that make sense, or is there a better way to deal with that?
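
The upsert-once, look-up-locally pattern described in the post, as an added example that is not part of the original post and is plain PHP with PDO/SQLite standing in for a Laravel model. The function names, the `auth0_sub` column and the sample claims are assumptions, and `$claims` is assumed to come from a token the backend has already validated (signature, issuer, audience, expiry), not from fields the SPA posts in the request body.

```php
<?php
// Added example: plain PHP + in-memory SQLite as a stand-in for the users table.
// Assumption: $claims was extracted from a token this backend already verified.

function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        auth0_sub TEXT NOT NULL UNIQUE,   -- hypothetical column holding the sub claim
        email TEXT,
        name TEXT)');
    return $db;
}

// Hot path for every API request: one indexed local lookup, no call to the IdP.
function findUserBySub(PDO $db, string $sub): ?array {
    $st = $db->prepare('SELECT * FROM users WHERE auth0_sub = ?');
    $st->execute([$sub]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Body of the "me" endpoint: upsert keyed on the verified sub, so a repeat
// login updates the same row instead of creating a duplicate.
function upsertUser(PDO $db, array $claims): array {
    $sub = $claims['sub'] ?? '';
    if (!is_string($sub) || $sub === '') {
        throw new InvalidArgumentException('verified token has no sub claim');
    }
    $st = $db->prepare('INSERT INTO users (auth0_sub, email, name) VALUES (?, ?, ?)
        ON CONFLICT(auth0_sub) DO UPDATE
        SET email = excluded.email, name = excluded.name');
    $st->execute([$sub, $claims['email'] ?? null, $claims['name'] ?? null]);
    return findUserBySub($db, $sub);
}

// Constructed sample claims, not real Auth0 output.
$db    = makeDb();
$first = upsertUser($db, ['sub' => 'auth0|example-123', 'email' => 'a@example.test', 'name' => 'A']);
$again = upsertUser($db, ['sub' => 'auth0|example-123', 'email' => 'new@example.test', 'name' => 'A']);
var_dump($first['id'] === $again['id']);          // same local row after second login
var_dump($again['email']);                        // profile fields refreshed
var_dump(findUserBySub($db, 'auth0|unknown'));    // unknown sub: no local user yet
```

The `ON CONFLICT ... DO UPDATE` clause needs SQLite 3.24 or later; in Eloquent the equivalent call is `updateOrCreate` keyed on the sub column.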