What is the proper way to implement Auth0 with Express?


We are working on a project with Auth0 for the login and user management. The main backend is implemented on ExpressJS with MongoDB. We have implemented Auth0 and everything works great with the backend as well. Just wanted to know the proper way to link a user in our MongoDB with the user in the Auth0 DB.

Since a unique "user_id" is assigned to each user on Auth0, should we create a user with this id in MongoDB, and for each API call have the client (mobile app) send the Auth0 access token in the header?

For getting the reference as to which user sent the request, should the client (mobile app) store the "user_id" and send it with the API request, or can we get the "user_id" from the access token?

Was just thinking that sending the user_id with each API request undermines the purpose of Auth0 and might be a security issue.

Please suggest the proper way to implement this.


There are 1 best solutions below

I have no experience with Auth0, but the "sub" claim in the access token should contain the user id.

I would use the user id of Auth0 as id in my custom database and take it from the "sub" claim from the access token.
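
What the answer describes, as an added example that is not part of the original post and is not Auth0's own code: Express-style middleware that verifies the bearer token and keys the local user record on its `sub` claim, never on a `user_id` supplied by the client. The HS256 secret, `signDemoToken`, `verifyDemoToken`, `attachUser` and the `Map` standing in for the MongoDB collection are assumptions made so the block runs offline.

```javascript
const crypto = require("node:crypto");

// Constructed demo values. A real Auth0 API typically validates RS256 tokens against
// the tenant's JWKS and checks issuer and audience; HS256 keeps this runnable offline.
const SECRET = "constructed-demo-secret";
const hmac = (data) => crypto.createHmac("sha256", SECRET).update(data).digest();
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const dec = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

// Hypothetical helper: mints a demo token in place of Auth0.
function signDemoToken(claims) {
  const signingInput = `${enc({ alg: "HS256", typ: "JWT" })}.${enc(claims)}`;
  return `${signingInput}.${hmac(signingInput).toString("base64url")}`;
}

// Returns the claims only if algorithm, signature, expiry and sub all check out.
function verifyDemoToken(token) {
  const [head, body, sig, extra] = String(token).split(".");
  if (!head || !body || !sig || extra !== undefined) throw new Error("malformed token");
  if (dec(head).alg !== "HS256") throw new Error("unexpected algorithm");
  const expected = hmac(`${head}.${body}`);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }
  const claims = dec(body);
  if (typeof claims.exp !== "number" || claims.exp * 1000 <= Date.now()) throw new Error("expired");
  if (typeof claims.sub !== "string" || claims.sub === "") throw new Error("missing sub");
  return claims;
}

// Express-style middleware. `users` is a Map standing in for the MongoDB collection;
// with MongoDB the same step would be an upsert keyed on the token's sub claim.
function attachUser(users) {
  return (req, res, next) => {
    try {
      const match = /^Bearer (\S+)$/.exec(req.headers.authorization || "");
      if (!match) throw new Error("missing bearer token");
      const { sub } = verifyDemoToken(match[1]);
      // Any user_id in the body, query or headers is deliberately ignored.
      if (!users.has(sub)) users.set(sub, { _id: sub, createdAt: new Date() });
      req.user = users.get(sub);
      next();
    } catch (err) {
      res.statusCode = 401;
      res.end("unauthorized");
    }
  };
}
```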