Where to store data associated with user account?

I am storing a variety of data on app_metadata and user_metadata. However, I came upon this text in auth0 docs:
Beware of storing too much data in the Auth0 profile. This data is intended to be used for authentication and authorization purposes. The metadata and search capabilities of Auth0 are not designed for marketing research or anything else that requires heavy search or update frequency. Your system is likely to run into scalability and performance issues if you use Auth0 for this purpose. A better approach is to store data in an external system and store a pointer (the user ID) in Auth0 so that backend systems can fetch the data if needed. A simple rule to follow is to store only items that you plan to use in rules to add to tokens or make decisions.

So now I am confused…what exactly should I store on metadata? And if I cannot store some stuff on metadata do I store it in a separate DB, like mongoDB. I thought that having a DB connection costs money. I am currently on the free tier, and this suites my use case for now, until we scale up. Clarification would be appreciated!

Hey @victor-wei126,

So the data that you should store on user_metadata is data that will be needed for authentication or authorization purposes: “A simple rule to follow is to store only items that you plan to use in rules to add to tokens or make decisions”

For example, you could store the age of a user and allow access (Authorization) to certain features of your application based on that age. You could even deny Authentication to your app based on that. This is therefore something that you should store on the user’s metadata. However, their preferred food will probably not be used for Authentication nor for Authorization purposes so you shouldn’t store that data on the user’s metadata.

Now, regarding an external database being a paid-feature, this is not exactly the use case for that, because you will not use the external database for authentication and authorization purposes. This is not a custom database that will be called on every authentication. Actually, Auth0 doesn’t even need to know about your external database which will store the preferred food of your users. However, your application could leverage the said pointer to access both your database and Auth0 to retrieve any information related to the user.

1 Like

Hi Ale,

Thanks for your reply. So if I understand correctly, the only data to be stored on Auth0 database metadata should be data that is related to authentication/authorization?

And then anything not related to auth should be stored in an external database? And to be clear, I can connect a mongoDB database for free to store data (as a database connection) and this is part of the free plan? The only thing that costs money is using an external database for authentication? Thanks!


Not exactly. You can’t use a Custom Database connection on a Free plan. Our connections are meant for authentication. Meaning that whenever you configure any connection for a given application on your Auth0 tenant, it is expected that connection will be used for authentication purposes and it will actually be automatically “attached” to your authentication flow

Can I know why you want to connect that MongoDB database to Auth0? If you are not going to use that data for Authentication or Authorization purposes, it would make no sense to connect that database to Auth0. However, note you can call external databases without configuring them as Custom Databases on your Auth0 Dashboard and you would be able to call them via Rules. For example: Add user roles from a SQL Server database

1 Like

This makes more sense. So custom database connections are only used/meant to be for authentication. Thus, if I want to use a database for other things not related to authentication, I do not connect them as a custom database connection.

I guess now I don’t need to use a mongoDB database as a connection. The only thing I would want to use this database for is storing user data not related to authentication. For example, I want to store an array of jobs on MongoDB. Each job in MongoDB would have a userID field, which would act as a reference to the Auth0 user, and thus tie each user to a set of jobs. Is there any documentation for how to call an external mongoDB database? Or is the general strategy just calling them via rules? Thanks!

Exactly. That’s right.

Usually, external database calls will be done via Rules. Sometimes, it might be better to do it in a Hook instead. It really depends on what you want to do and why.

After reading this last paragraph, I’m a bit confused. Why do you want to call your MongoDB from Auth0? (i.e. from your authentication flow). If this external MongoDB database will store data not related to authentication or authorization, why would you need to do that?

The scenario I imagine in my mind is that you have an application which needs authentication, so you use Auth0 for that. Then, the users that log in to this application would need to do things with their respective jobs, so you will call your MongoDB from your own application and read/write/do things with those jobs. Am I assuming your use case correctly? If so, why would Auth0 need to call your MongoDB on this scenario? I would expect the opposite actually: retrieving data about your Auth0 users from your own application.

1 Like

Hi Ale,

You are correct. I was a bit confused about all this–since I thought I would need to use Auth0 to call the objects in MongoDB, since they are inherently related to the users (which are stored on Auth0). But yes now that I think about it, you are right, I need to do the opposite which is retrieving data about my Auth0 users from my own application. Here is a specific use case I am considering:

When users login, they are brought to their dashboard page. On this page is a list of the jobs that they have created. These jobs are stored on MongoDB and thus need to be fetched from the database.

Update: I have figured out this topic, it is unrelated to auth0! Thanks for all your help!


Thanks for letting us know!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.