After finally figuring out how to get a JWT token from Auth0 to work with my Spring backend, the next thing I’d like to figure out is user management from my backend.
There are a few questions I had in mind:
- What is the most reliable identifier to use from the claims for tracking users in my own backend database? My backend needs to tie entity ownership with my authenticated/authorized users. I was thinking of using “sub” and “email” (from userinfo endpoint) both.
- Is it ideal to use the Management API from my own backend to handle roles & groups? I want to create groups with different attributes including ownership by one or more users, etc. - things I don’t think Auth0 groups support. Is it better that I just maintain my own on my backend, especially if I need to maintain my own app-related roles/permissions, associations, etc.? If I use Auth0 for this, then I’d need to know when it updates from Auth0’s end (i.e. user deletes their account) and so on and I feel that will complicate things.
- What is the difference between using Users/Roles in the normal dashboard and using the Authorization Extension? The only difference I noticed is that the extension has groups, but the dashboard management doesn’t.