Using Auth0 authentication for a daily puzzle platform like Letter Boxed best approach?

Get Help
,
1

Hello everyone,

I’m currently experimenting with building a small word-puzzle platform inspired by games like Letter Boxed archive, and I’m using Auth0 for authentication and user management.

The main idea is that users can sign in and track their daily puzzle progress, save solutions, and possibly maintain a streak or leaderboard similar to what many daily puzzle platforms offer.

So far the basic authentication flow works well, but I’m trying to figure out the best way to structure user data related to puzzle activity.

Current setup:

  • Authentication: Auth0 Universal Login

  • Frontend: JavaScript web app

  • Backend: Node.js API

  • Puzzle logic: Daily word puzzle similar to Letter Boxed where users connect letters to form words.

What I’m trying to implement:

  • Users log in with Auth0

  • Each user can submit their solution to the daily puzzle

  • The system records:

    • number of attempts

    • solution words used

    • completion time

    • daily streaks or stats

My main questions:

  1. Is it best practice to only store the Auth0 user_id in my database and link all puzzle activity to that?

  2. Would it make sense to store things like streak counts or puzzle stats in Auth0 user metadata, or should that remain entirely in my application database?

  3. Has anyone used Auth0 Actions to attach custom claims (like puzzle rank or solved status) to tokens for this type of gamified feature?

I’m mainly trying to design this in a way that scales well if the puzzle platform grows and more users start tracking their progress daily.

If anyone has built a game, puzzle platform, or daily challenge system using Auth0, I’d really appreciate hearing how you structured authentication vs gameplay data.

Thanks in advance!

2

Hi!

I think what you have here is a situation of can you vs should you.

Yes, you probably could build and maintain this in user/app metadata, should you? Probably not. Architecturally speaking, this belongs in a data store, with records as versions, time stamps, ability to query and audit. From a scalability perspective, it also doesn’t sit well in Auth0 to hold that data. When you look to produce a leaderboard, you’re going to have to query every user for their data, whereas, in a DB, its a SQL query.

1 Like
4

Hi @hellencharless54

As @JFoxUK has stated, Auth0 has the capability of storing all of that information in regards to users, it solely depends on how your application is built and what are you going to do with the data.

Storing things inside user metadata can be useful as long as you plan to access that information through the ID/Access Tokens provided by Auth0 in order to display certain information.

Another good point made by @JFoxUK is that of the scalability of the application. It would be better suited to store the system record in your own database since it would be better to perform a couple of SQL queries looking for the data that you need instead of having to perform several Management API calls to extract all the information you need.

In conclusion, I would recommend to use Auth0 to store essential user data that you can easily access through the ID/Access token (rank, permissions, some_other_user_data) which can be updated whenever necessary using the Management API and keep anything else related to the gamification of your app in your own data store.

If you have any other questions, let me know!

Kind Regards,
Nik