Users & Roles - Users table should have a GDPR nameless/emailless etc no-logging version

I will give the gist in this post, but I encourage Auth0 staff to explore my thread here where I was struggling with multiple confusing technical ux issues in my quest to solve this problem. I logged my assumptions, rationales, roadblocks along the way so please have a look.

I am building a medical app that does anonymous analysis of anonymous samples via some bluetooth hardware, in the EU, that needs to be GDPR compliant, and more specifically, we need to guarantee that we do not log, and do not know which of our customers are using the app at what time and what patients the samples belong to.
Our app still needs to have logins and secure sessions though, and needs to display some private info in the app during the session, like for example the email and name of the technician. But we must not log any such info on any servers.

So on Auth0, I’ve set up passwordless email logins and a couple social logins. I use no databases. But to my surprise the Users & Roles → Users page in the dashboard, logs by default, waaay too much information (name, email, ip, time of day, picture etc).

It’s none of our nor auth0’s beeswax to log anything more than a unique hash of the user. Especially not in our scenario.

But there are no hints in the Auth0 dashboard about:

  • the existence of this logging table “hidden” somewhere in the Auth0 dashboard interface in the first place. It should be in a big privacy section.
  • what this table even is – there is no title or info bubble about what it is on its page. (I thought I had accidentally enabled some database’d login method in my app)
  • how you can configure this table so that you don’t log all that private info. (please make a ui-mode from the solution to this, from a settings button next to the table)

In the end I was able to solve it but it was very involved and very different from regular Auth0 setups, and required the management API, connection ids, patching connections, creating Rules; a lot of stuff that is not at all hinted by any of the UX of the dashboard that it’s even possible to do.

For example I would have had no idea in a million years, that after setting "non_persistent_attrs": ["email", "name", "email_verified", "family_name", "gender", "given_name", "picture", "nickname", "locale"], I could get them back through the Rules js functions that run after the log in has happened. I would have had no idea that at that stage (post-login) is the right place to still obtain user information and forward it to the client app.
Stuff like that.
Refer to my linked thread for more.

Most of this kind of stuff needs to be presented from the top-down as well, in a big picture way, in the form of some hints e.g. “if you want to achieve this then do x” or “did you know you can configure this by going in the management api and then in the rules functions?”.

Hell I didn’t even know there was such a thing as an Auth0 FAQ because there’s no mention of such a thing in the management dashboard. Had I seen a “FAQ” on Auth0’s main website or in google results, I would have 100% assumed it’s definitely not technical FAQs. So also put a link to it in the management dashboard.

Thanks. Now I will accept my consultation fee. :upside_down_face: Cheers.

Thank you so much for the feedback and for sharing your context/use case here!

I’d like to chime in with a +1 on this feedback - We are looking at using Auth0 to enable SSO for our enterprise customers. Our app is currently designed in such a way that user PII is not persisted and is only available during the active session (delivered via the ID token).

I guess the workaround suggested is OK short-term but really, I’d love a checkbox or something to not persist any external user data outside the session scope.

Thanks for providing that feedback Daniel!