I’ve been following this example of a mobile + API flow for PKCE-supported authentication.
One thing that seems to be lacking there is the case where you want to create users in your own database based on the returned data of the ID token of, say, a Facebook authentication request.
I’ve been contemplating this and I was considering connecting to my API through Auth0 itself, with a rule, much like Hasura does. That way you just call the authorization service and this in turn upserts the user in your database as well, so the mobile app doesn’t have to call your create-user endpoint after you have received the access token and refresh token.
The other option would be the opposite. You get back the access token, ID token and refresh token and you call your own API with the ID token so it can decode it server-side and create a new user if necessary.
I don’t know what the best practice is here and how most people do it?
Any advice would be helpful!
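
The second option described above, as an added example that is not part of the original post: the API verifies the ID token's signature, issuer, audience and expiry before upserting the user, rather than only decoding it. The issuer, audience, in-memory `users` map, `signSampleToken` helper and throwaway key pair are constructed assumptions; a real API would take the verification key from the identity provider's published signing keys.

```javascript
// Added example: issuer, audience, key pair and user store are constructed for this demo.
const crypto = require('node:crypto');

const ISSUER = 'https://example-tenant.example.com/'; // assumed issuer
const AUDIENCE = 'example-client-id';                 // assumed client id
const users = new Map();                              // stand-in for the users table

const b64url = (v) => Buffer.from(v).toString('base64url');

// Verify an RS256 ID token, then create or update the user keyed on `sub`.
function upsertUserFromIdToken(idToken, publicKey, now = Math.floor(Date.now() / 1000)) {
  const parts = idToken.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the expected algorithm; never take it from the token itself.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey,
    Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  // Claims are trusted only after the signature check has passed.
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (claims.iss !== ISSUER) throw new Error('wrong issuer');
  if (![].concat(claims.aud).includes(AUDIENCE)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  if (!claims.sub) throw new Error('missing sub');
  const created = !users.has(claims.sub);
  users.set(claims.sub, { sub: claims.sub, email: claims.email, name: claims.name });
  return { created, user: users.get(claims.sub) };
}

// Constructed fixture: a throwaway key pair plays the identity provider.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
function signSampleToken(claims, key = privateKey) {
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const input = `${header}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), key).toString('base64url')}`;
}
```

Keying the upsert on `sub` rather than on `email` keeps the record tied to the provider's stable identifier for the account.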