Hi all, we recently started working with Auth0 and are having some issues with 429 Too Many Requests.
Basically our current flow is as follows:
We have a single-page web application that sends an idToken to our backend service, which is validated using GoogleIdTokenVerifier (authentication).
We wanted to use Auth0 as an authorization framework, so the flow we wanted to implement was: after the user is really authenticated, get the user, get his roles, and save them in our Principal object.
So basically there are multiple API calls here (ListUsersByEmail to get the userId, getUserRoles to get the roles of the user).
But because the authentication is called on every API call, we are in a state where we hammer the Auth0 Management API service and get the 429 error.
So, first of all, maybe our flow is incorrect and there is a better way to implement this?
If not, how do you suggest to overcome this problem?
I thought to implement a custom service that will keep all the users and their roles in memory and will update it every X time, but I’m not sure this is the correct approach.
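
The in-memory caching idea from the post above, as an added Java example that is not part of the original post. The class name `RoleCache` and the `roleLookup` function are hypothetical; `roleLookup` stands in for the ListUsersByEmail and getUserRoles calls the post mentions, and Java 16+ is assumed for `record`.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Function;

// Added example (hypothetical class name): per-user role cache with a TTL.
public class RoleCache {
    private record Entry(Set<String> roles, Instant expiresAt) {}
    private final ConcurrentHashMap<String, Entry> entries = new ConcurrentHashMap<>();
    // Hypothetical: wraps the ListUsersByEmail + getUserRoles calls from the post.
    private final Function<String, Set<String>> roleLookup;
    private final Duration ttl;

    public RoleCache(Function<String, Set<String>> roleLookup, Duration ttl) {
        this.roleLookup = roleLookup;
        this.ttl = ttl;
    }

    // Key must be the email taken from the already-verified ID token.
    public Set<String> rolesFor(String verifiedEmail) {
        Instant now = Instant.now();
        return entries.compute(verifiedEmail, (email, cached) -> {
            if (cached != null && now.isBefore(cached.expiresAt())) {
                return cached; // fresh entry: no Management API call
            }
            // compute() runs once per key at a time, so concurrent requests for
            // the same user trigger one lookup. If the lookup throws (e.g. on a
            // 429), the exception propagates and the request fails closed.
            return new Entry(Set.copyOf(roleLookup.apply(email)), now.plus(ttl));
        }).roles();
    }

    // Call when a user's roles change so revocation does not wait for the TTL.
    public void invalidate(String email) { entries.remove(email); }

    public static void main(String[] args) {
        AtomicInteger upstreamCalls = new AtomicInteger();
        // Constructed stand-in for the real lookup; counts upstream calls.
        RoleCache cache = new RoleCache(email -> {
            upstreamCalls.incrementAndGet();
            return Set.of("editor");
        }, Duration.ofMinutes(5));
        for (int i = 0; i < 100; i++) {
            cache.rolesFor("alice@example.com");
        }
        System.out.println("requests=100 upstreamCalls=" + upstreamCalls.get());
    }
}
```

The TTL is the upper bound on how long a removed role keeps working, so it should be chosen with revocation in mind. The map here has no size limit or eviction of expired entries, which a long-running service would need to add.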