I have an SPA that is backed by a REST API. The user can sign up / log in using Auth0 in the SPA. Once logged in, the user gets an access token that the SPA can use to access the REST API. Instead of having to call the userinfo endpoint to get the profile for every REST API call, I’d like to store all the user profiles in the app’s database.
What is the proper way to achieve this? It seems like I might want to do something during the callback after the user signs up?
I would recommend making use of the browser’s local storage or session storage to store the user’s profile data after he logs in or signs up.
I don’t think that will work, because I need the user data in the backend.
Do you want the profile of all the users or just the logged in user?
Since you are using Auth0 for user authentication/management, you may as well store user profile information within the user or app metadata and retrieve this after the user logs in. If you need profile information available whilst the user is logged in, store profile info within the user context or identity as a claim, wherever that is stored, so it’s immediately available, or just get the information when required?
User/app metadata can be added as additional claims, via a “rule” when you get the user information after logging in, which you can then use within your app…
e.g.:
function (user, context, callback) {
  // Only process for this client (or comment this out for all clients)
  if (context.clientID !== "[YOUR_CLIENT_ID]") {
    return callback(null, user, context);
  }
  // Namespace prefix for the custom claims added to the ID token
  var claimsNamespace = 'https://yournamespace.com/';
  context.idToken[claimsNamespace + 'first_name'] = user.first_name;
  context.idToken[claimsNamespace + 'last_name'] = user.last_name;
  context.idToken[claimsNamespace + 'email'] = user.email;
  context.idToken[claimsNamespace + 'email_verified'] = user.email_verified;
  // Metadata objects are serialized to strings; the consumer has to JSON.parse them
  context.idToken[claimsNamespace + 'user_metadata'] = JSON.stringify(user.user_metadata);
  context.idToken[claimsNamespace + 'app_metadata'] = JSON.stringify(user.app_metadata);
  callback(null, user, context);
}
I need all the users’ profiles, as most resources in my app are tied to a specific user. For example, a user can create a “project”, and invite other users to collaborate.
I actually need the user profile of all the users that have signed up. Most of the resources in my app are user-specific, so doing this in Auth0 would require hitting the Auth0 API for every request, which would result in hitting rate limits.
You need all the user profiles on every request? Why is this? The alternative would be to duplicate the profile data locally and update it whenever you update the Auth0 user? You will still need to retrieve that data from somewhere?
Maybe not all users, but imagine you are building a chat application where you display a list of users with their username and profile picture. You need this data for multiple users to render the message list.
I see, you can return results for multiple users at once via search [just check this is enabled on your account] or store some denormalised data on each chat thread and update that periodically in a more local/cached way? But it will depend on your implementation of course. Or just sync data to your own db when a user is updated? You can use an external/custom database within Auth0 where I think Auth0 will save to your own db as the primary store?
If this is the case then you can make use of the Auth0 Management API’s List or Search Users endpoint to get the profile info of all the users in a single hit.
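The rule earlier in the thread puts profile fields into namespaced token claims. As an added example (not code from any poster or from Auth0), this is one way a backend could copy those claims into its own user table when it sees a token and then answer multi-user lookups locally. It assumes the payload has already been verified and carries the same namespaced claims; `users`, `parseMetadata`, `profileFromClaims`, `upsertUser`, `getUsers` and `SAMPLE` are hypothetical names.

```javascript
const NS = 'https://yournamespace.com/'; // namespace from the rule above
const users = new Map(); // stand-in for the app's users table, keyed by sub

// The rule sends metadata through JSON.stringify, so it arrives as a string,
// or is absent when the user has none. Anything malformed becomes {}.
function parseMetadata(value) {
  if (typeof value !== 'string') return {};
  try {
    const parsed = JSON.parse(value);
    const isObject = parsed !== null && typeof parsed === 'object' && !Array.isArray(parsed);
    return isObject ? parsed : {};
  } catch {
    return {};
  }
}

// Build a local record from an already verified token payload (signature,
// issuer, audience and expiry checks are assumed to have run before this).
function profileFromClaims(payload) {
  if (!payload || typeof payload.sub !== 'string' || payload.sub === '') {
    throw new Error('token payload has no sub claim');
  }
  const text = (name) => (typeof payload[NS + name] === 'string' ? payload[NS + name] : null);
  return {
    id: payload.sub, // stable key; email can change or be unverified
    firstName: text('first_name'),
    lastName: text('last_name'),
    email: text('email'),
    emailVerified: payload[NS + 'email_verified'] === true,
    userMetadata: parseMetadata(payload[NS + 'user_metadata']),
  };
}

// Insert or refresh the record; createdAt survives later updates.
function upsertUser(payload, now = new Date()) {
  const profile = profileFromClaims(payload);
  const existing = users.get(profile.id);
  const record = { ...profile, createdAt: existing ? existing.createdAt : now, updatedAt: now };
  users.set(profile.id, record);
  return record;
}

// Resolve many profiles from the local store, e.g. for a message list.
function getUsers(ids) {
  return ids.map((id) => users.get(id)).filter(Boolean);
}

// Constructed sample payload, not taken from a real tenant.
const SAMPLE = { sub: 'auth0|example-1', [NS + 'first_name']: 'Ada', [NS + 'email_verified']: true, [NS + 'user_metadata']: '{"avatar":"a.png"}' };
upsertUser(SAMPLE);
```

The record is keyed on `sub` and `app_metadata` is deliberately not copied, since the local table only needs what the application displays.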