For my recent project I decided to leverage Authentication-as-a-Service, in particular I am using Auth0 but I do not think this particularly matters. I've got my React client set up correctly and I am capable of signing in, I can also make authorized, restricted calls to my backend API (written in ASP.NET Core.)
The examples ends here and I am not certain how to continue. My application is very social and relies heavily on relational data between users and their content. Among my most commonly retrieved data would be user profiles, like avatars and display names.
I cannot figure out for the life of me, how I am meant to get at this data. Imagine a comment thread, I want to display the avatar and name of each poster along with their posts. Storing the posts on my data is simple, I can simply use the sub claim of the JWT for that. What is less obvious to me is where I would store my user profile, I see the following options:
- I could use Auth0's management API, but this is heavily rate limited (I mean VERY heavily rate limited), and seems more meant for creating users and administrative tasks.
- I could keep a 'local' user profile in my own database, but at that point I am starting to wonder why I would ever use Auth0 at all.
What options are there for tackling this kind of specific problem?
1 Answer 1
Rate limited refers to database connection, which should not be a blocker for your use case.
Auth0 caches the user profile received from a database connection before sending it to the client application. This cache is stored in the Auth0 database and is refreshed each time the user authenticates.
So you can always query from database to get user profile.
-
Thank you, it is ridiculous that the documentation doesn't explain this better.Jesse Brands– Jesse Brands12/09/2020 04:44:30Commented Dec 9, 2020 at 4:44