Auth0 Home Blog Docs

Should I hash the user identifier for a custom database connection?



I am moving to a CustomDB, which means i won’t be hashing the as default. This is something Auth0 is doing. Are there any security concerns by not hashing the primary key which is exposed in the token? Or should i apply UUID to the


Are you completely migrating away from Auth0, or will you be using a custom database connection through Auth0?


I am using CustomDB, currently i am just utilizing a default UUID on my database column which is doing the job ok.


It’s not technically need to hash the user identifier coming from a custom database. Only have in mind that the user identifier is exposed to the end-user so you should something that is okay to disclose to the end-user itself; using a UUID is an adequate option in general.