User Info endpoint rate limit for paid tiers


My current authentication technique is the following:

  1. The user logs in on the front end, storing their access token as a variable alongside their email.
  2. The user requests to change their data, such as their profile settings.
  3. The program passes the user’s email, token, and data to change to the backend.
  4. The backend takes the token and accesses the Auth0 /userinfo route to confirm that the emails match.
  5. If the emails match, the user can update the information.

The issue is that, even on the paid tier of $35 a month, the user can only use the /userinfo tier 5 times per minute.

My next idea is to store a hashmap in RAM that will cache the /userinfo when requested (token to JSON map) with a timer that makes it expire every minute. When the server restarts, the cache restarts. Is this a secure practice to do? The amount of users is under 100, so memory limits will not be an issue.
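An in-memory TTL cache of the kind described above, written here as an added example rather than code from the original post. It assumes `fetch` is whatever function the backend already uses to call Auth0's /userinfo with the bearer token; entries are keyed by a SHA-256 of the token rather than the raw token, a rejected token is never cached, and each entry expires after the configured TTL so a revoked token is re-checked upstream within at most one minute.

```python
import hashlib
import time
from typing import Callable


class UserInfoCache:
    """Caches /userinfo responses per access token for a bounded TTL.

    Constructed example: `fetch` stands in for the backend's real call to
    the Auth0 /userinfo endpoint and must raise on a rejected token.
    """

    def __init__(self, fetch: Callable[[str], dict], ttl_seconds: float = 60.0,
                 clock: Callable[[], float] = time.monotonic):
        self._fetch = fetch
        self._ttl = ttl_seconds
        self._clock = clock                      # injectable for testing
        self._entries: dict[str, tuple[float, dict]] = {}
        self.upstream_calls = 0                  # budget against the 5/min limit

    @staticmethod
    def _key(token: str) -> str:
        # Hash the token so the raw credential is not used as a dict key.
        return hashlib.sha256(token.encode()).hexdigest()

    def get(self, token: str) -> dict:
        key = self._key(token)
        now = self._clock()
        hit = self._entries.get(key)
        if hit is not None and hit[0] > now:     # fresh entry: no upstream call
            return hit[1]
        info = self._fetch(token)                # raises if Auth0 rejects the token
        self.upstream_calls += 1
        self._entries[key] = (now + self._ttl, info)   # only successes are cached
        return info

    def invalidate(self, token: str) -> None:
        # Call on logout so a discarded token cannot be served from cache.
        self._entries.pop(self._key(token), None)


def authorize_update(cache: UserInfoCache, token: str, claimed_email: str) -> bool:
    """Step 4 of the post: the email the client sent must match the email
    bound to the token before the profile update is allowed."""
    try:
        info = cache.get(token)
    except PermissionError:
        return False
    return info.get("email", "").strip().lower() == claimed_email.strip().lower()
```

Keep the TTL no longer than the access token's own lifetime, and size the TTL against the rate limit: with under 100 users and a 60-second TTL, the worst case is one upstream call per active token per minute.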