2

I want to use Okta to safely store my users names and passwords; however, they also have information such as (to be general) age, birthday, graduation date, interests, etc. to be stored as well.

The Okta API does not store this info so upon account activation I need to create an entry for this user in my MongoDB database immediately.

Is there a way to detect this event? Thanks!

If this is extremely roundabout I am totally okay with taking a new approach too; however, I don't see much wrong with my current method if it is in fact possible.

I am using Node and ExpressJS to communicate with Okta using express-session and the oidc middleware.

Kurnal saini
  • 103
  • 3

1 Answers1

0

A common solution would be to separate the user profile data from their credentials. So first, you have a user create an account or sign in with Okta. After they are signed in, you retrieve their profile data. If the user has no profile data in your webapp, you force the user to fill our their profile before they can use the webapp.

New user flow would look like this:

  1. User clicks on "create account"
  2. User enters in email/password in Okta
  3. Your backend stores the user session
  4. Your backend attempts to locate a user profile for the user. None found (first time user), so it restricts the routes the user can access.
  5. Your frontend forces the user fill out the profile before accessing any other screens
  6. User fills out profile and submits
  7. Frontend POSTs profile to backend, backend saves it
  8. Frontend and backend lift all restrictions, app continues as normal
nareddyt
  • 1,016
  • 10
  • 20
  • thank you I originally planned to do it this way but I thought parsing an entire database to check for a username would be inefficient once there became to be a lot of users. – Kurnal saini Jan 06 '19 at 04:08
  • You can store the username as an ID or index, allowing the db to find it quickly. Think about hashmaps! – nareddyt Jan 06 '19 at 05:41