I am currently fixing an old project that my club made about a year ago, and I saw they used Auth0 for user authentication but also store the username and hashed pw in MongoDB in a user document. User documents also have roles like admin, manager, or customer, and the project uses these roles to restrict certain pages and resources.
My question is, is there a reason why we store hashed pw along with username and roles? I assume the only time we use hashed pw is to verify that the user entered a valid credential. But if we have to authenticate using Auth0, is there any benefit of storing hashed pw in the db?
I would like to learn about general use cases where we would store a hashed pw when we use a third-party authentication service like Auth0.
Thank you so much!!
To my knowledge it is always a good idea, especially on important projects, to make the code base flexible, especially when using third-party technologies. Doing so prevents this thing called vendor lock-in. Basically, if for some reason you wanted to move away from using Auth0, having the user credentials already in the database would make for a much easier migration for the team and for the users. Apart from that, I don't think it would be necessary to store them in this case.