What is the recommended way to grab multiple avatars at once?

For some parts of our application I’d like to display a list of users which may or may not include the current logged-in user (think e.g. a team list). I would like to also grab Auth0’s avatars for this list of users to be able to display them on the front-end. What’s the recommended way of doing this?

I know that Auth0 offers a Management API that I can use to grab a wide swath of information about users, but it looks like I’d have to write a custom Javascript rule to restrict scopes and the information that’s sent back so that an untrusted front-end can’t grab anything unrelated to an avatar about a user. That’s a bit undesirable for me because then I have some important-ish security logic sitting in a random snippet of Javascript in a rule.

I’m also not sure whether the Management API is meant to be used this way (i.e. as a bulk data retrieval point by untrusted front-ends). The whole way that tokens are retrieved and used leads me to suspect that the Management API is never meant to be directly hit by an end-user front-end.

Is there a better way of doing this?

Hey @gallac !

As it has been more than a few months since this topic was opened and there has been no reply or further information provided from the community as to the existence of the issue we would like to check if you are still facing the described challenge?

We are more than happy to assist in any way! If the issue is still out there please let us know so we can create a new thread for better visibility, otherwise we’ll close this one in week’s time.

Thank you!

This topic was automatically closed after 5 days. New replies are no longer allowed.