I'm in the process of implementing a user management microservice (MS) and wanted to find out whether what I'm doing is OK. Users are created from the UI, which interacts with an API. The API makes an RPC call to the user management MS and publishes a CreateUserCommand to an in-memory bus. The consumer then handles the command by creating a user in the DB, but I then need this user to also be registered within Auth0. Would the way to go about this be to send a different command to a persistent queue, for a subscriber to pick it up and register that user with Auth0 (a persistent queue in case Auth0 can't be reached)? Once that completes successfully, I could then publish a UserCreatedEvent?

Any help with this would be much appreciated.

CraigM

1 Answer


You have two Bounded Contexts: User management and Authentication.

The User management BC deals with the life cycle of a user (creation, mutation and deletion). The Authentication BC deals with how the users identify themselves in the system.

So, it is a valid assumption that a user can exist even if it has (yet) no possibility to identify himself in the system.

That being said, you should emit the AUserWasCreatedEvent immediately after the User management BC processes the CreateUserCommand, because at that moment the user is born. It has an ID, let's name it UserID, so it exists.

Then, this user needs a means to identify himself, and a Saga (or Process manager or whatever you want to call it) catches the event and creates a CreateAuth0UserCommand that is sent to the Authentication BC by calling the Auth0 API. The API responds with some data, possibly including a token; that token is handled by the Authentication BC and it is associated with the UserID.

Constantin Galbenu
  • I want to register the user with Auth0 so that I can tie up the Auth0 generated userID with the user in my database (that has had its own unique application generated userID). So once a token is granted on successful login (the token contains the Auth0 userID), I want to find the associated userID generated by my app for that user and use that instead for the remainder of the request - so that auditing records, etc. can now be linked to the user in my database. Trying to decouple Auth0 from the more intricate workings of my app, and just using Auth0 for authentication. Does this make sense? – CraigM Mar 14 '17 at 21:31
  • Decoupling is very good; you should decouple the concepts too. Authentication only identifies a user. Once a user is identified then it should be authorized. Then it is only business logic, the core domain, your main focus. – Constantin Galbenu Mar 14 '17 at 22:17
  • If a user is created and Auth0 fails, you take compensation actions, like deleting the user, notifying the admin or just ignoring it. This may seem like added complexity but it is necessary for the decoupling. – Constantin Galbenu Mar 15 '17 at 22:10
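
The flow described in the answer and its comments, as an added Python sketch that is not code from the original posts: the user-created event is emitted first, a saga registers the user with the identity provider, links the external ID to the UserID, and compensates when registration keeps failing. `FakeIdp`, `UserManagement`, `RegistrationSaga`, the `"idp|"` ID format and the status values are assumptions made for illustration; `FakeIdp` is an in-memory stand-in, not the Auth0 API.

```python
# Added illustration: in-memory stand-ins only; no real Auth0 SDK calls are made.
import uuid

class FakeIdp:
    """Hypothetical stand-in for the Auth0 API: fails the first `outages` calls."""
    def __init__(self, outages=0):
        self.outages, self.accounts = outages, {}

    def create_account(self, email):
        if self.outages > 0:
            self.outages -= 1
            raise ConnectionError("identity provider unreachable")
        # Registering the same email twice returns the same external ID.
        return self.accounts.setdefault(email, "idp|" + uuid.uuid4().hex)

class UserManagement:
    def __init__(self):
        self.users, self.events = {}, []

    def create_user(self, email):
        user_id = str(uuid.uuid4())
        self.users[user_id] = {"email": email, "status": "created"}
        event = {"type": "AUserWasCreatedEvent", "user_id": user_id, "email": email}
        self.events.append(event)       # emitted as soon as the user exists
        return event

class RegistrationSaga:
    def __init__(self, users, idp, max_attempts=3):
        self.users, self.idp, self.max_attempts = users, idp, max_attempts
        self.links = {}                 # external ID -> internal UserID

    def handle(self, event):
        user = self.users.users[event["user_id"]]
        if user["status"] == "linked":  # redelivered event: nothing to do
            return "linked"
        for _ in range(self.max_attempts):
            try:
                external_id = self.idp.create_account(event["email"])
            except ConnectionError:
                continue                # a persistent queue would redeliver later
            self.links[external_id] = event["user_id"]
            user["status"] = "linked"
            return "linked"
        user["status"] = "auth_failed"  # compensation: flag for admin follow-up
        return "auth_failed"

    def resolve(self, token_subject):
        # An unknown subject maps to None so the caller can reject the request.
        return self.links.get(token_subject)
```

`resolve` is the lookup the first comment asks for: the external ID from the token is mapped back to the application's own UserID, and a subject with no link is rejected rather than trusted.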