Is it possible that, by using one of the main OpenID Connect / JWT identity providers (e.g. Google Federated Identity), a simple web app could read / write a key value store on that identity provider in the scope of that user?

I know that by using JWT I could claim read access to the user's email for example. But is there a way to persist arbitrary information about that user?

E.g. I make a page where the user can log in with Google. After login the user can choose to save a favourite colour. Is there a way to persist and retrieve this favourite colour when the user logs in from another device, without the need to have that saved in my own DB?

What other alternatives would there be to achieve something like this in a way that I would not have to run and maintain a backend service?

titel

1 Answer

Even if this works as a short-term thing it will not scale. In an OAuth architecture any real app needs to store its own data. The 2 main options are:

  • Store simple data such as favourite colour in UI local storage after login. Be extra sure nothing secure or important is stored here.
  • Store anything more permanent or sensitive in your back end. This can require the kind of insight in my User Data Management write-up.
Gary Archer
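
The first option in the answer above, as an added example that is not code from the answerer or from any identity provider. It assumes `sub` comes from an ID token the app has already validated; the function names, the `prefs:` key prefix and the in-memory storage stand-in are hypothetical.

```javascript
// Per-user preference store for browser local storage (added example).
// Only allow-listed, non-sensitive settings are accepted; each has a validator.
const ALLOWED = {
  favouriteColour: (v) => typeof v === "string" && /^#[0-9a-f]{6}$/i.test(v),
};
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Namespace the storage key by the OIDC `sub` claim so two accounts that
// share one browser do not read each other's preferences.
function prefKey(sub) {
  if (typeof sub !== "string" || sub.length === 0) throw new Error("missing sub claim");
  return "prefs:" + encodeURIComponent(sub);
}

function loadPrefs(storage, sub) {
  // Any script on the origin can write local storage, so re-validate on read
  // and drop whatever is malformed or not on the allow-list.
  const out = {};
  let raw;
  try {
    raw = JSON.parse(storage.getItem(prefKey(sub)) ?? "{}");
  } catch {
    return out;
  }
  if (raw === null || typeof raw !== "object") return out;
  for (const name of Object.keys(ALLOWED)) {
    if (has(raw, name) && ALLOWED[name](raw[name])) out[name] = raw[name];
  }
  return out;
}

function savePref(storage, sub, name, value) {
  // Refuse unknown names and off-format values, so tokens or personal data
  // cannot end up in local storage through this path.
  if (!has(ALLOWED, name) || !ALLOWED[name](value)) return false;
  const prefs = loadPrefs(storage, sub);
  prefs[name] = value;
  storage.setItem(prefKey(sub), JSON.stringify(prefs));
  return true;
}

// Constructed in-memory stand-in; in a browser pass window.localStorage instead.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
  };
}
```

Local storage is scoped to one browser profile, so a value saved this way is not visible when the same user signs in on another device.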