I am moving to a CustomDB, which means I won’t be hashing the user.id by default. This is something Auth0 is doing. Are there any security concerns with not hashing the primary key which is exposed in the token? Or should I apply a UUID to the user.id?
Are you completely migrating away from Auth0, or will you be using a custom database connection through Auth0?
I am using CustomDB. Currently I am just utilizing a default UUID on my database column, which is doing the job OK.
It’s not technically necessary to hash the user identifier coming from a custom database. Just keep in mind that the user identifier is exposed to the end-user, so you should use something that is okay to disclose to the end-user itself; using a UUID is an adequate option in general.
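
The following is an added example, not part of the thread and not Auth0's code. It decodes a token payload the way any token holder can and reports what kind of identifier the `sub` claim discloses. The `<provider>|<id>` layout of `sub`, the helper names and the sample tokens are assumptions constructed for illustration.

```javascript
// Added example: audit what a token's `sub` claim discloses to its holder.
// All tokens here are constructed sample data with a placeholder signature.

const UUID_V4 = /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;

// Decode the payload segment WITHOUT verifying the signature. Anyone holding
// the token can do this, so every claim in it is visible to the end-user.
function decodePayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Classify the id part of `sub` (assumed layout: "<provider>|<id>").
function classifyExposedId(sub) {
  const id = sub.includes('|') ? sub.slice(sub.indexOf('|') + 1) : sub;
  if (UUID_V4.test(id)) return 'random-uuid';       // opaque, not guessable
  if (/^\d+$/.test(id)) return 'numeric';           // likely auto-increment: enumerable
  if (/^[^@\s]+@[^@\s]+$/.test(id)) return 'email'; // personal data in every token
  return 'other';
}

// Build a constructed, unsigned sample token carrying the given subject.
function makeSampleToken(sub) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'RS256', typ: 'JWT' }), enc({ sub }), 'sig-placeholder'].join('.');
}

// Report the exposed subject and its classification.
function auditToken(jwt) {
  const { sub } = decodePayload(jwt);
  return { sub, kind: classifyExposedId(sub) };
}

for (const sub of ['auth0|3f2b8c1e-9d4a-4e6b-8a1f-5c7d9e0b1a23', 'auth0|1042']) {
  console.log(auditToken(makeSampleToken(sub)));
}
```

A `numeric` or `email` result is the case to reconsider before exposing the column in tokens; a random UUID discloses nothing beyond the identifier itself.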