Discussion on: Authorization and Authentication For Everyone

kimmaida profile image
Kim Maida Author

In a very general sense, I would recommend rules for adding the user metadata to your ID and/or access tokens (depending on the use case), but without knowing more details, I'm not able to detail a flow for you.

I strongly recommend that you ask this question in the Auth0 Community forum and provide details there such as:

  • What's the source of the subscription plan data? (E.g., a database?)
  • What's the purpose of the data? (E.g., to simply display in the client? To be able to change the plan? To control access based on the plan?)
  • What's your application architecture? (E.g., your API? third party APIs? Backend app? JS app running in the browser? etc.)

The folks at Auth0 should then be able to help you determine the correct flow to get all your data securely where it needs to go.