Hi there, I’m building a web-app with RedwoodJS and I’m using Netlify’s Identity Widget for signup/login etc. I want to have a database table that is linked to each Identity account so I can store more info about each user. I’m guessing that upon successfully signing up or verifying an email address it would be a good time to enter a new row in that user database table, but I’m not sure how to do so. Would I use the identity-validate or identity-signup webhook to call a Function that creates a new row in the user table? Or should I just switch to using GoTrue-JS and create the new user row when the signup promise is successful?
Hi @avrame and welcome!
I’m using Netlify’s Identity Widget for signup/login etc. I want to have a database table that is linked to each Identity account so I can store more info about each user.
Yes, you can, but just an FYI, you don’t necessarily have to.
One option is to use Netlify’s user_metadata to store some profile info that is not sensitive – say preferences, etc. You would then join in on the decoded sub in your other models.
Netlify provides tokens that give you access to modify your own info:
Here, I can store profile info up in Netlify as it will be part of the user_metadata in the JWT.
Netlify also provides some short-lived admin access (api side only) to do more admin tasks, e.g. fetching a user list from their identity store:
So one option is to use Netlify to store and manage your user profile info – including roles.
That said, if you do want to store a User table – and there are lots of good scenarios for this – have a look at:
- Role-based Access Control (RBAC) | RedwoodJS Docs in the Roles from a Database section
But, please be sure to requireAuth() appropriately on your service and ensure that your resolvers don’t leak any private user info.
And for the Netlify triggered functions:
- redwoodblog-rbac/api/src/functions/identity-signup.js at master · dthyresson/redwoodblog-rbac · GitHub
- redwoodblog-rbac/api/src/functions/identity-login.js at master · dthyresson/redwoodblog-rbac · GitHub
and
- Role-based Access Control (RBAC) | RedwoodJS Docs in the How to Default Roles on Signup using Netlify Identity Triggers section
FYI -
To prevent external requests to event functions, Netlify generates a JSON web signature (JWS) for each event triggered by our platform, and verifies that the signature is correct before invoking an associated event function.
So those identity-* functions can only execute if from a login or signup attempt on Netlify. Thus unlike other incoming webhooks, the signature is already verified for you.
Thanks for the detailed response! I think I’ll go with the webhooks. Is there a webhook that fires even when a user signs up with a federated account?
As far as I am aware, their identity-signup fires on every signup.
I am not sure Netlify identity supports multiple logins for the same user like Auth0 does for its account linking identities: User Account Linking.
According to the documentation, identity-signup only fires with a standard signup.
From Registration and login | Netlify Docs
Note that this fires for email+password signups only, not for signups via external providers such as Google or GitHub.
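The flow discussed in this thread, as an added example that is not part of any post and is not code from the redwoodblog-rbac repository: the core of an identity-signup function that creates the linked user row and returns default roles in app_metadata. Assumptions: an in-memory Map stands in for the User table, the role name `user` is hypothetical, and the payload is a constructed sample; the insert is idempotent so the same routine can be reused on another path for accounts that never produce a signup event.

```javascript
// Added example, not code from the thread or from redwoodblog-rbac.
// userTable is an in-memory stand-in for the real User table (assumption).
const userTable = new Map();
const DEFAULT_ROLES = ['user']; // hypothetical default role name

// Idempotent insert keyed on the Identity id (the JWT `sub`): a repeated
// event never duplicates or overwrites a row, so other paths can reuse it.
function upsertUser(table, identityUser) {
  const existing = table.get(identityUser.id);
  if (existing) return { row: existing, created: false };
  const row = {
    id: identityUser.id,
    email: identityUser.email.toLowerCase(),
    provider: (identityUser.app_metadata || {}).provider || 'unknown',
  };
  table.set(row.id, row);
  return { row, created: true };
}

function handleIdentityEvent(rawBody, table = userTable) {
  let payload;
  try { payload = JSON.parse(rawBody); } catch (err) {
    return { statusCode: 400, body: 'invalid JSON' };
  }
  const user = payload && payload.user;
  const wellFormed = payload && payload.event === 'signup' && user &&
    typeof user.id === 'string' && typeof user.email === 'string';
  if (!wellFormed) return { statusCode: 400, body: 'unexpected payload' };

  upsertUser(table, user);
  // Roles are assigned here and returned in app_metadata. Nothing is read
  // from user_metadata, which users can change with their own token.
  const app_metadata = { ...(user.app_metadata || {}), roles: DEFAULT_ROLES };
  return { statusCode: 200, body: JSON.stringify({ app_metadata }) };
}

// Constructed sample payload (event + user, as sent to identity-* functions).
const sampleBody = JSON.stringify({
  event: 'signup',
  user: {
    id: '00000000-0000-4000-8000-000000000001',
    email: 'Alice@Example.com',
    app_metadata: { provider: 'email' },
    user_metadata: { full_name: 'Alice', roles: ['admin'] }, // ignored
  },
});

// Netlify entry point; in the function file: exports.handler = handler
const handler = async (event) => handleIdentityEvent(event.body);
```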