Why store user credential in MongoDB when using Auth0?

Question

I am currently fixing an old project that my club made about a year ago and I saw they used Auth0 for user authentication but also store username and hashed pw in mongodb in a user document. user documents also have roles like admin, manager, or customer and uses these roles to restrict certain pages and resources.

My question is, is there a reason why we store hashed pw along with username and roles? I assume the only time we use hashed pw is to verify that the user entered a valid credential. But if we have to authenticate using Auth0, is there any benefit of storing hashed pw in the db?

I would like to learn about general use cases where we would store hashed pw when we use third party authentication service like auth0.

Thank you so much!!

score 1 · Accepted Answer · answered May 24 '21 at 04:24

To my knowledge it is always a good idea, especially on important projects, to make the code base flexible, especially when using third party technologies. Doing so prevents this thing called vendor lock-in. Basically, if for some reason, you wanted to move away from using Auth0, having the user credentials already on the database would make a much easier migration for the team and for the users. Apart from that, I don't think it would be necessary to store them in this case.

Ahh that makes so much sense. Thanks so much! – luke.lcim May 24 '21 at 14:01 — luke.lcim, May 24 '21 at 14:01

Why store user credential in MongoDB when using Auth0?

1 Answers1