Auth0 Home Blog Docs

Should I hash the user identifier for a custom database connection?

custom-database
user-creation
uuid
custom

#1

I am moving to a CustomDB, which means i won’t be hashing the user.id as default. This is something Auth0 is doing. Are there any security concerns by not hashing the primary key which is exposed in the token? Or should i apply UUID to the user.id?


#2

Are you completely migrating away from Auth0, or will you be using a custom database connection through Auth0?


#3

I am using CustomDB, currently i am just utilizing a default UUID on my database column which is doing the job ok.


#4

It’s not technically need to hash the user identifier coming from a custom database. Only have in mind that the user identifier is exposed to the end-user so you should something that is okay to disclose to the end-user itself; using a UUID is an adequate option in general.


#5