I like the idea of letting Auth0 manage the users/roles/permissions for our application, but when I create a resource server with APIs it doesn’t seem that I’m able to access the same user principal information that I would if I create a ‘regular’ web app API that handles all of the authentication manually (via a custom user table for example). Am I wrong about this? What I’m really trying to achieve is to have APIs that are aware of the user that is calling them and to then be able to fetch data specific to that user from the database. With a resource server it seems like all I really know is whether they are authenticated and authorized to use those endpoints, not who they are. I get that I could pass some piece of user data with each request and then look them up that way but I’d prefer not to have to do that.
Hi @jrichmond4,
Welcome to the Auth0 Community!
The resource server would receive an Access Token, which contains a sub claim. This claim is a UUID that you can use to identify your user and fetch relevant data. For example, if you had a resource server serving blog data, you may receive an Access Token with "sub":"user|123". You can then confidently fetch all posts belonging to user|123 and serve them to their author.
Additionally, the Access Token may be exchanged for the user’s Auth0 profile via the /userinfo endpoint. This allows you to get more profile info on your user.
Further, you can enrich the token with Create Custom Claims. This allows you to add custom data to the token to suit your use case. Pair this with Understand How Metadata Works in User Profiles and you can essentially store and save any relevant data (this should be limited to data for auth purposes, i.e. no blog posts etc.) to your front end or backend from Auth0.
So when a user registers through Auth0 I would then need to use a hook or something to call an endpoint to set them up in our app's DB with this UUID?
That’s an option, or you can just create them as they arrive, i.e. your app receives a token; if the UUID doesn’t exist in your DB, create a new user.
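The two answers above (identify the caller from the token's sub claim, then create the local user on first arrival) as one added example that is not part of the thread or Auth0's own code. The secret, issuer and audience are constructed placeholders; real Auth0 access tokens are normally RS256-signed and verified against the tenant's JWKS, and HS256 with a shared secret is used here only so the example runs offline with the standard library.

```python
import base64, hashlib, hmac, json, sqlite3, time

# Constructed demo values, not real Auth0 settings. HS256 stands in for the
# RS256/JWKS verification you would do against a real tenant.
SECRET = b"demo-shared-secret-not-for-production"
EXPECTED_ISS = "https://YOUR_TENANT.auth0.com/"   # placeholder issuer
EXPECTED_AUD = "https://blog-api.example"         # placeholder API identifier

def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_demo_token(sub, exp):
    """Build a constructed token shaped like the access token the answer describes."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"iss": EXPECTED_ISS, "aud": EXPECTED_AUD, "sub": sub, "exp": exp}
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def verify_and_get_sub(token, now=None):
    """Check signature, issuer, audience and expiry before trusting the sub claim."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")   # pin the algorithm, never take it from the token
    expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]   # aud may be a list with several audiences
    if claims.get("iss") != EXPECTED_ISS or EXPECTED_AUD not in auds:
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= (now if now is not None else int(time.time())):
        raise ValueError("token expired")
    return claims["sub"]

def new_user_store():
    # In-memory stand-in for the application's own user table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, auth0_sub TEXT UNIQUE)")
    return conn

def handle_request(conn, token, now=None):
    # Resolve the caller to a local user id, creating the row on first arrival.
    sub = verify_and_get_sub(token, now)
    conn.execute("INSERT OR IGNORE INTO users (auth0_sub) VALUES (?)", (sub,))
    return conn.execute("SELECT id FROM users WHERE auth0_sub = ?", (sub,)).fetchone()[0]
```

A second request with the same sub maps to the same local row, so the user table populates itself without a registration hook.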