I’m considering replacing all of the personally identifiable information on our database to use metadata on the auth0 object. This would provide a natural separation between our applications protected data and the sensitive user information. However, in the documentation, I noticed that Auth0 does “recommend against using these properties like a database”.
What’s the reason for this? Is the use case of storing all PII still acceptable?
Hey there @dbsullivan231!
Thanks a lot for reporting that. Let me reach out to our docs team regarding that to find out why is that. Thank you!
My 2 cents. I did not choose this path because:
Calls to the API are throttled (and throttling rules can change anytime as per the docs: Rate Limit Policy) - so it is possible to hit a frustrating bottleneck at some point in the scale up.
I find response times of the Auth0 servers are not particularly impressive
Those 2 points seem to show that Auth0 indeed does not provide a “database-like service” in the metadata.
Thanks a lot for sharing that knowledge @Mic!
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.