Sign-up process best practice

Hi there,

I am migrating an app (Angular SPA + backend API) to Auth0 and I would like to find some best practices for sign-up. In my old model (with my own authentication), when a new account is created, some sign-up scripts are executed (to fill some initial data).

If a user does not have an account at Auth0 (nor in my backend API), he or she creates a new account in Auth0 universal login, is logged in and gets redirected to my Angular SPA; the first requests to the backend API are then sent.

I should check whether the user sent in the JWT exists in my local database (users_settings table for example), and if missing, execute those sign-up scripts.

Or is there any way, like rules or web hooks?


When you migrate the authentication process over to Auth0, do you only want to allow username/password authentication (Auth0 database connections), or also social connections like Google, Facebook, etc. (now or later on maybe)?

If you only allow database connections, you can consider triggering the initial data setup via an API call from the post-user registration hook. This hook only works with database connections though, not with social connections such as Facebook, Google, etc.

Otherwise, if you don’t only use database connections, you can consider a rule and trigger the logic from there; within the rule you can check if it’s the first login of the user, and if so, only then initiate that API call to your end.

Alternatively, don’t use a Hook or Rule at all and just trigger the initial data setup once the user is returned, and base it on the returned ID Token or Access Token (esp. the sub claim, which basically contains the user id; that’s also the value you should use to reference users in your database tables, so that you have a link between your business logic database tables and the Auth0 user store).

Which approach to take also depends on when that data needs to be available, whether it’s time critical for a user to be able to use your app, or whether it can happen asynchronously in the background, etc.

Another point to consider is how to migrate your legacy users that are in your old user database over to Auth0, when you make the switch. You can consider an automatic migration over time, or a bulk import.
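The last option in the reply above (provision on the first API request, keyed on the sub claim), sketched as an added example that is not part of the original thread or Auth0's own code. It assumes the API's JWT middleware has already verified signature, issuer, audience and expiry; the table columns and the starter_items table are hypothetical. The primary key on sub makes the sign-up step run once even when the SPA fires several first requests in parallel.

```python
import sqlite3

# Table name users_settings comes from the question; the columns and the
# starter_items table are assumptions made for this example.
SCHEMA = """
CREATE TABLE users_settings (auth0_sub TEXT PRIMARY KEY, locale TEXT NOT NULL);
CREATE TABLE starter_items (
    auth0_sub TEXT NOT NULL REFERENCES users_settings(auth0_sub),
    title     TEXT NOT NULL
);
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def ensure_user(conn, claims):
    """Run the sign-up step the first time a given `sub` reaches the API.

    `claims` must be the payload of an already verified token (assumed to be
    done by middleware). Returns True if provisioning ran, False otherwise.
    """
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise ValueError("verified token carries no usable sub claim")
    with conn:  # one transaction: settings row and starter data commit together
        cur = conn.execute(
            "INSERT OR IGNORE INTO users_settings (auth0_sub, locale) VALUES (?, ?)",
            (sub, "en"),
        )
        if cur.rowcount != 1:
            return False  # row already exists: repeat or concurrent request
        # The "sign-up scripts" from the question, executed once per sub.
        conn.execute(
            "INSERT INTO starter_items (auth0_sub, title) VALUES (?, ?)",
            (sub, "Welcome"),
        )
        return True

def demo():
    conn = open_db()
    # Constructed claims, shaped like a validated token payload.
    first = ensure_user(conn, {"sub": "auth0|constructed-0001"})
    again = ensure_user(conn, {"sub": "auth0|constructed-0001"})
    items = conn.execute("SELECT COUNT(*) FROM starter_items").fetchone()[0]
    return first, again, items

if __name__ == "__main__":
    print(demo())
```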
