Hello,
My current authentication technique is the following:
- The user logs in on the front end, storing their access token as a variable alongside their email.
- The user requests to change their data, such as their profile settings.
- The program passes the user’s email, token, and data to change to the backend.
- The backend takes the token and calls the Auth0 /userinfo route to confirm that the emails match.
- If the emails match, the user can update the information.
The issue is that, even on the paid tier of $35 a month, the user can only use the /userinfo endpoint 5 times per minute.
My next idea is to store a hashmap in RAM that will cache the /userinfo response when requested (a token-to-JSON map) with a timer that makes it expire every minute. When the server restarts, the cache restarts. Is this a secure practice? The number of users is under 100, so memory limits will not be an issue.
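An added example, not the poster's code or Auth0's, of the cache described above (one entry per token, one-minute expiry, lost on restart) together with the email check from the first list. It assumes a Python backend, an injected `fetch_userinfo(token)` callable standing in for the Auth0 /userinfo call (replaced here by constructed sample data so it runs offline), and that the /userinfo JSON carries the standard OIDC `email` and `email_verified` claims. Two details go beyond the post: the cache key is a SHA-256 digest of the token rather than the token itself, so the map never holds raw bearer tokens, and a token that /userinfo rejects is never cached.

```python
import hashlib
import hmac
import threading
import time
from dataclasses import dataclass
from typing import Callable, Dict

USERINFO_TTL_SECONDS = 60.0  # the one-minute expiry proposed in the post


@dataclass
class _Entry:
    claims: dict
    expires_at: float


class UserInfoCache:
    """Caches /userinfo responses keyed by a SHA-256 digest of the access token.

    Keying by the digest rather than the raw token means a heap dump or a debug
    log of the cache contents does not hand out usable bearer tokens.
    """

    def __init__(self, fetch_userinfo: Callable[[str], dict],
                 ttl: float = USERINFO_TTL_SECONDS,
                 now: Callable[[], float] = time.monotonic) -> None:
        self._fetch = fetch_userinfo   # assumed upstream call; raises on a bad token
        self._ttl = ttl
        self._now = now                # injectable clock so expiry is testable
        self._entries: Dict[str, _Entry] = {}
        self._lock = threading.Lock()
        self.upstream_calls = 0        # counts real /userinfo fetches

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def get(self, token: str) -> dict:
        """Return the claims for `token`, fetching on a miss or after expiry.

        An invalid token makes `fetch_userinfo` raise and nothing is stored, so a
        rejected token is re-checked upstream every time rather than remembered.
        """
        key = self._key(token)
        # One process-wide lock: with under 100 users the serialisation cost is
        # negligible, and a burst of requests carrying the same token then costs
        # one upstream call instead of one per request.
        with self._lock:
            now = self._now()
            entry = self._entries.get(key)
            if entry is not None and entry.expires_at > now:
                return dict(entry.claims)
            claims = self._fetch(token)
            self.upstream_calls += 1
            self._entries[key] = _Entry(dict(claims), now + self._ttl)
            self._evict_expired(now)
            return dict(claims)

    def _evict_expired(self, now: float) -> None:
        for key in [k for k, e in self._entries.items() if e.expires_at <= now]:
            del self._entries[key]

    def __len__(self) -> int:
        return len(self._entries)


def authorize_update(cache: UserInfoCache, token: str, claimed_email: str) -> bool:
    """The post's check: the email sent with the request must match /userinfo.

    Compares in constant time and also requires the OIDC `email_verified` claim,
    so an unverified address on the account cannot be used to pass the check.
    """
    try:
        claims = cache.get(token)
    except Exception:
        return False  # upstream rejected the token
    actual = claims.get("email")
    if not isinstance(actual, str) or claims.get("email_verified") is not True:
        return False
    return hmac.compare_digest(actual.strip().lower().encode(),
                               claimed_email.strip().lower().encode())


def run_demo() -> dict:
    """Drive the cache against a constructed, offline stand-in for /userinfo."""
    clock = [1000.0]
    constructed_userinfo = {  # constructed sample data, not real Auth0 output
        "tok-alice": {"sub": "auth0|alice", "email": "Alice@example.com", "email_verified": True},
        "tok-bob": {"sub": "auth0|bob", "email": "bob@example.com", "email_verified": False},
    }

    def fetch(token: str) -> dict:
        if token not in constructed_userinfo:
            raise PermissionError("401 from /userinfo")
        return constructed_userinfo[token]

    cache = UserInfoCache(fetch, now=lambda: clock[0])
    results = {}
    results["alice_ok"] = authorize_update(cache, "tok-alice", "alice@example.com")
    results["alice_wrong_email"] = authorize_update(cache, "tok-alice", "mallory@example.com")
    results["calls_after_two_hits"] = cache.upstream_calls   # second lookup was served from cache
    clock[0] += USERINFO_TTL_SECONDS + 1                     # let alice's entry expire
    results["alice_after_expiry"] = authorize_update(cache, "tok-alice", "alice@example.com")
    results["calls_after_expiry"] = cache.upstream_calls     # one refetch after expiry
    results["bob_unverified"] = authorize_update(cache, "tok-bob", "bob@example.com")
    results["bad_token"] = authorize_update(cache, "tok-nobody", "alice@example.com")
    results["cached_entries"] = len(cache)                   # alice and bob; the bad token was never stored
    return results


if __name__ == "__main__":
    print(run_demo())
```

The demo drives the cache with a fake clock: the second request for the same token is served from memory, a request after the one-minute window triggers exactly one new upstream call, an unverified or mismatched email is refused, and a token that /userinfo rejects leaves no entry behind.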