achedeuzot / ueberauth_auth0

Auth0 OAuth2 strategy for Überauth.
https://hexdocs.pm/ueberauth_auth0
MIT License

Replace API calls to `/userinfo` with payload from id_token #235

Open taj opened 1 year ago

taj commented 1 year ago

We are going above Auth0's rate limits on a daily basis. After some investigation we realised that ueberauth_auth0 was making API calls to the `/userinfo` endpoint every time someone logs in (on callback).

We actually don't need to do this as the user info is returned in the id_token. The id_token follows the JWT standard.
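
What reading user info from the id_token instead of `/userinfo` involves before the claims can be trusted, as an added example that is not part of this thread or of ueberauth_auth0's code. It assumes RS256-signed tokens, a JWK already fetched from the tenant's JWKS, and Jason for JSON; the module name, issuer and client id are hypothetical.

```elixir
defmodule IdTokenExample do
  # Added example, not ueberauth_auth0 code. Assumes RS256 tokens, one JWK
  # (map with "n" and "e") already fetched from the tenant's JWKS, and Jason.
  def verify(token, jwk, issuer, client_id, now \\ System.system_time(:second)) do
    with [h64, p64, s64] <- String.split(token, "."),
         # Pin the algorithm; never let the token header choose it.
         {:ok, %{"alg" => "RS256"}} <- decode_json(h64),
         {:ok, sig} <- Base.url_decode64(s64, padding: false),
         true <- :public_key.verify(h64 <> "." <> p64, :sha256, sig, rsa_key(jwk)),
         {:ok, claims} <- decode_json(p64),
         :ok <- check_claims(claims, issuer, client_id, now) do
      {:ok, claims}
    else
      {:error, reason} when is_atom(reason) -> {:error, reason}
      _ -> {:error, :invalid_token}
    end
  end

  defp decode_json(segment) do
    with {:ok, bin} <- Base.url_decode64(segment, padding: false), do: Jason.decode(bin)
  end
  defp rsa_key(%{"n" => n, "e" => e}) do
    int = fn v -> v |> Base.url_decode64!(padding: false) |> :binary.decode_unsigned() end
    {:RSAPublicKey, int.(n), int.(e)}
  end
  defp check_claims(%{"iss" => iss, "aud" => aud, "exp" => exp}, issuer, client_id, now) do
    cond do
      iss != issuer -> {:error, :bad_issuer}
      client_id not in List.wrap(aud) -> {:error, :bad_audience}
      not is_integer(exp) or exp <= now -> {:error, :expired}
      true -> :ok
    end
  end
  defp check_claims(_claims, _issuer, _client_id, _now), do: {:error, :missing_claims}

  # Constructed demo: throwaway key, hypothetical issuer and client id.
  def demo do
    priv = :public_key.generate_key({:rsa, 2048, 65_537})
    b64 = &Base.url_encode64(&1, padding: false)
    jwk = %{"n" => b64.(:binary.encode_unsigned(elem(priv, 2))),
            "e" => b64.(:binary.encode_unsigned(elem(priv, 3)))}
    claims = %{"iss" => "https://tenant.example/", "aud" => "client-123",
               "sub" => "auth0|abc", "exp" => 2_000_000_000}
    input = b64.(Jason.encode!(%{"alg" => "RS256"})) <> "." <> b64.(Jason.encode!(claims))
    token = input <> "." <> b64.(:public_key.sign(input, :sha256, priv))
    {verify(token, jwk, "https://tenant.example/", "client-123", 1_700_000_000),
     verify(token, jwk, "https://tenant.example/", "other-client", 1_700_000_000)}
  end
end
```

`IdTokenExample.demo/0` verifies the same constructed token twice: once for the intended client, and once for a different client id, which is rejected on the `aud` check.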

achedeuzot commented 1 year ago

BTW, have you seen the #175 PR? It could give you some ideas about your feature ;)

achedeuzot commented 1 year ago

@taj I ran the CI but it's red because of a few things :) Have you checked the PR of the previous comment? It could help ;)

taj commented 1 year ago

> @taj I ran the CI but it's red because of a few things :) Have you checked the PR of the previous comment? It could help ;)

Hey @achedeuzot, sorry was on holiday for the past week, I will try to fix everything this week! :)