Secure way to authenticate auth0 custom database get user request on server side for lazy migration?

vprasanna · August 11, 2022, 7:51am

Now we are really concerned about securing our custom API what will provide user details for Get User request.
We have a API which returns user details and we want to use that in custom getUser database script.
We wanted to understand auth0 recommended approach to protect that endpoint.

One way is to, create auth0 specific private client in custom auth and use that access token
Another is to use basic auth

john.gateley · August 11, 2022, 2:01pm

Hi @vprasanna

There are a couple of approaches.

You can use an API key. This would be stored as a secret in the getUser script, and verified by your API.

You can use M2M and get an access token in the getUser script (make sure the access token is cached)

In addition to the above, you can firewall your API - the set of IP addresses is specified on the script page.

John

system · June 5, 2024, 2:11pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
What would be the standard Requests/Responses (to be returned), for the Get User, Create, Delete, Verify operations? Help api , custom-database-conn , custom-database	0	1841	April 13, 2022
How to secure an API with Auth0 Help access-token	5	10545	February 10, 2019
Custom password hashing Help password , custom-login , hash , hashing	2	7668	March 2, 2018
Auth0 with our own (not exposed to internet) database Help	2	1505	June 10, 2022
Custom database to localhost Help auth0 , api	1	1860	January 14, 2022

Secure way to authenticate auth0 custom database get user request on server side for lazy migration?

Related Topics