Secure way to authenticate auth0 custom database get user request on server side for lazy migration?

vprasanna · August 11, 2022, 7:51am

Now we are really concerned about securing our custom API what will provide user details for Get User request.
We have a API which returns user details and we want to use that in custom getUser database script.
We wanted to understand auth0 recommended approach to protect that endpoint.

One way is to, create auth0 specific private client in custom auth and use that access token
Another is to use basic auth

john.gateley · August 11, 2022, 2:01pm

Hi @vprasanna

There are a couple of approaches.

You can use an API key. This would be stored as a secret in the getUser script, and verified by your API.

You can use M2M and get an access token in the getUser script (make sure the access token is cached)

In addition to the above, you can firewall your API - the set of IP addresses is specified on the script page.

John

system · June 5, 2024, 2:11pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
What would be the standard Requests/Responses (to be returned), for the Get User, Create, Delete, Verify operations? Help api , custom-database-conn , custom-database	0	1841	April 13, 2022
How to implement Auth0 Authentication with custom backend Help	1	3334	July 15, 2020
Soft/Automatic migration of users to auth0 via custom authentication service Help login	4	3747	July 26, 2019
Getting information from custom database Help api , custom-database	14	6776	August 30, 2019
How to generate and pass access token to the login end point in the custom database action script Help login	4	4505	December 5, 2019

Secure way to authenticate auth0 custom database get user request on server side for lazy migration?

Related topics