Unique "username" for all users

I’m wanting to have my users all have a unique attribute that they can specify that I can search on. Username works great for this, except that it can’t be used for social users.

Is there any other option for doing this? As far as I’m aware the only way within Auth0 that you can have a unique field is the Username, and anything outside of Auth0 that tries to enforce uniqueness is at risk of race conditions - two different accounts updating to the same username at the same time, and in both cases the check for the username already being in use returns nothing.

The only other option I can think of is to make it entirely outside of Auth0 - as in, having my own database with my own uniqueness constraints, but this then leads to storing user data in two different systems with all of the complexity that this entails.

Cheers

Hi @sazzer ,

I suggest you use the Auth0 user_id as the unique identifier to search for the users. Do you have any concerns about using it instead of the username attribute?

Thanks!

And I really think that this highlights why asking a question when you’re tired is a bad idea :slight_smile:

I missed a minor, but essential detail. I want my users to have a unique “user-defined” attribute. Preferably a user-editable one.

The desire is to use it as part of vanity URLs, similar to how GitHub and Reddit work. User-Editable would be nice but isn’t required.

User ID works as a guaranteed unique value across all users regardless of source, but then you end up with URLs like myapp.com/u/auth0|12345678 instead of myapp.com/u/sazzer.

Cheers

Hi @sazzer ,

Thank you for providing additional context about this query.

Since you prefer to have a user-editable attribute, I suggest you create an attribute (let’s say username) under the app_metadata attribute and use app_metadata.username as the unique identifier.

Here are a few FAQs that explain the app_metadata attributes.

Please let me know if any further queries about this topic. Thanks!

1 Like

Hi @lihua.zhang,

Thank you for that suggestion. Is there any way to have Auth0 ensure that these values are unique across all users? I can’t see anything, and I assume that means that the uniqueness needs to be done by the application instead.

That opens up the risk of race conditions:
A1. User A makes API call to update username to “myuser”
B1. User B makes API call to update username to “myuser”
A2. Server makes call to Auth0 to see if any users already have “myuser” in app_metadata.username. None do.
B2. Server makes call to Auth0 to see if any users already have “myuser” in app_metadata.username. None do.
A3. Server makes call to update app_metadata.username for User A to “myuser”
B3. Server makes call to update app_metadata.username for User B to “myuser”.

At this point, both users A and B have the “app_metadata.username” property set to the same value.

Yes, it’s an edge case. But it’e one that can be difficult to fix if it ever happens. The best I can think of is to add more steps afterwards to check again and revert the changes if there are now more than 1 user with that username, but that has it’s own issues - what if the revert fails, for example.

The ideal case is if Auth0 does the assertion for you. That way, it becomes impossible for two users to have the same username - if you ever tried that then the update at B3 will just fail and the user data will be unchanged. But, as best I can tell, that’s not an option :frowning:

Cheers