Three questions about user management from my backend and Auth0

  1. Reliable Identifier for Tracking Users: Auth0 recommends two options to uniquely identify your users:

    • The user_id property: This is guaranteed to be unique within a tenant per user.
    • A natural key, like the email property: In this case, it is recommended that you enable email verification¹.

    However, the user_id field has an undefined length due to the variable length of any identity provider/connection name. This implies that the only appropriate SQL data type for user_id would be TEXT, which cannot be indexed. If you limit the identity providers to only “Auth0” (5 characters), the character length of user_id is not known.

  2. Management API for Handling Roles & Groups: Auth0 Management API provides various functions to help you manage your roles. You can create roles, edit role definitions, add permissions to roles, remove permissions from roles, view role permissions, view role users, and delete roles. However, if you need to maintain your own app-related roles/permissions, associations, etc., it might be more straightforward to maintain them on your own backend.
     See: Manage Role-Based Access Control Roles

  3. Difference between Users/Roles and Authorization Extension: The Authorization Core feature set and Authorization Extension are completely separate features. With the Authorization Extension, roles and permissions are set on a per-application basis. If you need the same roles or permissions on another application, you’ll have to create them separately. Conversely, the Authorization Core feature set provides much more flexibility with roles and permissions. The Authorization Extension provides support for user authorization via Groups, Roles, and Permissions, while the dashboard management doesn’t.

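The first point above (key on user_id, and only treat email as a natural key once it is verified) is the one most backends get wrong. The following is an added example, not code from the post or from Auth0: it keys a local users table on the `sub` claim, stores the e-mail address only when the token carries `email_verified: true`, and refuses to let a second identity claim an address already bound to another user_id. The regex for the `connection|id` shape, the 255-character application limit, the SQLite store and the sample claims are all assumptions made for the example.

```python
"""
Added example (not from the original post or Auth0's own code): keying a
backend user table on the Auth0 user_id (the `sub` claim) and only trusting
`email` as a natural key once the token says it is verified.
Uses an in-memory SQLite store; all claims below are constructed sample data.
"""
import re
import sqlite3

# Assumed shape of an Auth0 user_id: "<connection or strategy>|<provider id>",
# e.g. "auth0|5f1b2c3d4e5f6a7b8c9d0e1f" or "google-oauth2|104859127733".
# The part after the first pipe is provider-specific and has no fixed width
# (enterprise ids can even contain further pipes), so we validate structure,
# not length. This regex is an assumption for the example, not a format
# Auth0 guarantees.
USER_ID_RE = re.compile(r"^([A-Za-z0-9_.-]+)\|(\S+)$")
MAX_USER_ID_LEN = 255  # assumed application-level limit, enforced at the API edge


def parse_user_id(user_id):
    """Split "connection|id" into (connection, provider_id), rejecting bad input."""
    if not isinstance(user_id, str) or len(user_id) > MAX_USER_ID_LEN:
        raise ValueError("user_id missing or too long")
    m = USER_ID_RE.fullmatch(user_id)
    if not m:
        raise ValueError("user_id not in connection|id form: %r" % (user_id,))
    return m.group(1), m.group(2)


def open_store():
    """Create the users table. SQLite (like PostgreSQL) can index a TEXT
    column directly; on MySQL declare VARCHAR(255) instead so the key can be
    indexed without a prefix length."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (
            user_id        TEXT PRIMARY KEY,   -- Auth0 sub: the stable key
            connection     TEXT NOT NULL,      -- parsed from user_id
            email          TEXT,               -- NULL until the IdP verifies it
            email_verified INTEGER NOT NULL DEFAULT 0
        );
        -- A verified e-mail may belong to at most one local user; unverified
        -- addresses are never stored, so they can neither collide nor be
        -- used for lookups.
        CREATE UNIQUE INDEX ux_users_verified_email
            ON users(email) WHERE email_verified = 1;
        """
    )
    return conn


def upsert_from_claims(conn, claims):
    """Create or refresh the local record for the subject of an ID token.
    Returns the user_id the record is keyed on."""
    user_id = claims.get("sub")
    connection, _ = parse_user_id(user_id)
    verified = bool(claims.get("email_verified", False))
    email = claims.get("email") if verified else None  # drop unverified addresses
    try:
        conn.execute(
            """
            INSERT INTO users (user_id, connection, email, email_verified)
            VALUES (?, ?, ?, ?)
            ON CONFLICT(user_id) DO UPDATE SET
                email = excluded.email,
                email_verified = excluded.email_verified
            """,
            (user_id, connection, email, int(verified)),
        )
    except sqlite3.IntegrityError as exc:
        # A different sub presenting an address already bound to another
        # user: never merge silently, hand this to an explicit linking flow.
        raise ValueError("verified e-mail already bound to another user_id") from exc
    conn.commit()
    return user_id


def find_by_email(conn, email):
    """Resolve a user by natural key; only verified addresses ever match."""
    row = conn.execute(
        "SELECT user_id FROM users WHERE email = ? AND email_verified = 1",
        (email,),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = open_store()
    # Constructed sample claims, shaped like Auth0 ID-token payloads.
    print(upsert_from_claims(db, {"sub": "auth0|5f1b2c3d4e5f6a7b8c9d0e1f",
                                  "email": "alice@example.com", "email_verified": True}))
    print(upsert_from_claims(db, {"sub": "google-oauth2|104859127733",
                                  "email": "bob@example.com", "email_verified": False}))
    print(find_by_email(db, "alice@example.com"), find_by_email(db, "bob@example.com"))
```

The partial unique index is the point worth copying: uniqueness is enforced only over verified addresses, so an unverified e-mail from a social connection can never be used to look up, or collide with, an existing account, while the stable `sub` remains the key every foreign key in the backend points at.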