Using the nameidentifier claim as a user's global unique identifier

I have a quick question about referencing users in my database model.

I am using ASP.NET and Entity Framework, and I was wondering if it is okay to use the value from the nameidentifier claim, which I get from Auth0, as a reference in records in a database.

Is it the correct value to use, or should I use another value?
How will this affect my solution in the future if I decided to change things up?

I am still learning and was wondering whether it would have any consequences, or whether I am on the right track with this.

Hi @MatthiasLA,

I’m only guessing here, but if nameIdentifier is being set equal to the user’s root user_id attribute, that value is guaranteed to be unique within the given database, so it may be safe to use as a key into other databases, since you can always take those fields with you if you migrated to another solution.

That said, personally I would recommend implementing your own unique identifier. The example rule linked below would add a standard UUID to a user’s profile if they do not already have one. This is what I am pushing for where I work, though we haven’t implemented this yet. I just like the idea of using 1. an actual UUID standardized unique identifier and 2. something that is in no way linked to the underlying IAM service.

Hi @markd.
Thanks a lot for the explanation. It sounds like a lot of the same thoughts I have had; I just wanted to make sure that it was the right approach.
The user_id attribute in Auth0 is in fact the id of the user, but with “auth|” put in front, which means it is very much tied into Auth0.
I will mark your comment as answer to end the question. :slight_smile:



That’s correct. The root level user_id will have a prefix indicating what source system was used to create the profile. So auth0| for an Auth0 database user, google-apps| for a G Suite enterprise connection, google-oauth2| for Google social login etc.

You can take the user_id field with you if you leave Auth0 but personally I do prefer to have a plain industry standard UUID.
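
The approach discussed above, sketched for the ASP.NET side as an added example that is not part of the original thread: the application issues its own Guid and stores the provider's identifier only in a lookup keyed on issuer plus nameidentifier value. `IdentityMap`, the issuer URL and the sample ids are hypothetical; the dictionary stands in for an EF table with a unique index on (Issuer, Subject).

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

// Hypothetical helper: maps an external identity to an internal Guid.
// In EF this would be a table with a unique index on (Issuer, Subject).
public sealed class IdentityMap
{
    private readonly Dictionary<(string Issuer, string Subject), Guid> _links = new();

    public Guid Resolve(ClaimsPrincipal principal)
    {
        var claim = principal.FindFirst(ClaimTypes.NameIdentifier);
        if (claim is null || string.IsNullOrWhiteSpace(claim.Value))
            throw new InvalidOperationException("No nameidentifier claim present.");

        // Key on issuer + subject: the subject alone is only unique per issuer.
        var key = (claim.Issuer, claim.Value);
        if (!_links.TryGetValue(key, out var userId))
        {
            userId = Guid.NewGuid();   // internal id, independent of the IdP
            _links[key] = userId;
        }
        return userId;
    }
}

public static class Demo
{
    // Constructed sample values; the issuer URL and ids are placeholders.
    private static ClaimsPrincipal Login(string subject) =>
        new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.NameIdentifier, subject,
                      ClaimValueTypes.String, "https://tenant.example/")
        }, "Bearer"));

    public static void Main()
    {
        var map = new IdentityMap();
        Guid first = map.Resolve(Login("auth0|sample-user-1"));
        Guid again = map.Resolve(Login("auth0|sample-user-1"));
        Guid other = map.Resolve(Login("google-oauth2|sample-user-1"));

        Console.WriteLine(first == again);  // repeat login of the same identity
        Console.WriteLine(first == other);  // same local part, different source prefix
    }
}
```

Other tables reference only the Guid, so switching identity providers means rewriting the lookup rows rather than every foreign key.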

Thanks Mark for sharing the knowledge on this front!
