I am developing an app in Aurelia which has a .net core backend. I have already implemented user Authentication with Auth0 in the frontend. The problem comes as I am not sure if its good practice to implement a way so that users from auth0 database are linked with my user model in .net core and in my database. When a user registers/logs in I can get the corresponding user model from my database. Basically I would be using the auth0 database jsut for logging in and my database for the user details. If it is good practice how should I go around and doing it? Is a 'post user registration' action good? Any help appreciated :)
CodePudding user response:
It is a common approach to let the Authentication Service keep only the minimum amount of data it needs to authenticate a user, and then have additional, business-related data in a separate service. These should be linked upon user registration.
Note, that if that data in the separate service would be used to perform authorization decisions, then the Authorization Server (Auth0 in your case) should be able to read that data when issuing tokens, and relevant information about the user should end up in the signed token in form of claims. This gives you the assurance that this data is not tampered with.
Have a look at this article that my colleague wrote: https://curity.io/resources/learn/integrate-identity-business-data/ as it describes in more detail what you need.