Saving user info with implicit grant spa client and laravel api

So, fairly common situation here, but I’ve not seen an elegant solution so I’m asking.

SPA -> Laravel Backend.

I’m going to use the implicit flow which is recommended. I understand it all and can get it to work just fine, but I’m at a loss as to when/how I should persist my users to Laravel. When I get the access token from the SPA, it should have the sub (auth0 id) in it, but I’m not sure when and how I should get and persist the user info to my local laravel DB which I need to do because reasons.

If every time I check the access token, I hit the auth0 api for the user info, that seems like a huge waste and takes an unacceptable amount of time.

I’m thinking to add something to the callback after login, to make a request to a laravel “me” endpoint with the data from the ID token before requesting any api data that can do an upsert on the user and then, once a successful return, I can go about requesting the data from there. Does that make sense or is there a better way to deal with that?

Hi @thaMink,

Welcome to the Auth0 Community Forum!

Between the access token and the id token you should have most of the user data that is authentication related. A lot of users will choose to store other non-authn data in a database and use the auth0 user id to look it up.

Can you give an example of the data you are wanting to access in the callback scheme you mentioned? In addition, you can add custom claims to the access token, and these can be essentially anything you would need, although the tokens can become quite large if you are adding lots of claims.

I think more info could be necessary to address this question fully. Specifically what data you are trying to access and for what.

Let me know.

Thanks,
Dan
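
The pattern discussed in this thread (a local user row looked up by the Auth0 user id and created on first sight after login), as an added example that is not part of either post and is not Auth0's or Laravel's own code; it uses plain PHP with PDO and an in-memory SQLite table instead of Eloquent. It assumes the API's middleware has already verified the access token and passes on its claims; the `users` schema, the function name and the `https://example.com/email` custom claim are hypothetical.

```php
<?php
declare(strict_types=1);

// Upsert a local user row keyed on the `sub` claim of an access token.
// ASSUMPTION: $claims comes from middleware that already verified the token's
// signature, issuer, audience and expiry; nothing here validates a JWT.
// The identity is taken only from those claims, never from the request body.
function upsertUserFromClaims(PDO $db, array $claims): array
{
    $sub = $claims['sub'] ?? '';
    if (!is_string($sub) || $sub === '') {
        throw new InvalidArgumentException('verified token has no sub claim');
    }
    // Hypothetical namespaced custom claim carrying the e-mail address.
    $email = $claims['https://example.com/email'] ?? null;

    // One statement covers first login (insert) and later logins (update).
    // COALESCE keeps the stored e-mail when a later token omits the claim.
    $stmt = $db->prepare(
        'INSERT INTO users (auth0_id, email, last_seen) VALUES (:sub, :email, :now)
         ON CONFLICT(auth0_id) DO UPDATE SET
             email = COALESCE(excluded.email, users.email),
             last_seen = excluded.last_seen'
    );
    $stmt->execute([
        ':sub'   => $sub,
        ':email' => is_string($email) ? $email : null,
        ':now'   => time(),
    ]);

    $row = $db->prepare('SELECT id, auth0_id, email FROM users WHERE auth0_id = :sub');
    $row->execute([':sub' => $sub]);
    return $row->fetch(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// The UNIQUE constraint on auth0_id is what ON CONFLICT relies on.
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT,
    auth0_id TEXT NOT NULL UNIQUE, email TEXT, last_seen INTEGER NOT NULL)');

// Constructed sample claims, not taken from a real token.
$first  = upsertUserFromClaims($db, ['sub' => 'auth0|constructed-123',
                                     'https://example.com/email' => 'a@example.com']);
$second = upsertUserFromClaims($db, ['sub' => 'auth0|constructed-123']);

var_dump($first['id'] === $second['id']); // do both calls resolve to one local row?
var_dump($second['email']);               // e-mail stored for that row after the second call
```

Calling this once from the post-login "me" request means later API requests only need the local lookup by `auth0_id`, with no per-request call to the identity provider.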
