Best practice for authorizing Airtable data (w/ Auth0)

Looking for best practice to authorize a user for access to certain Airtable data.

My current approach is to store the Auth0 userID field in my users table in Airtable - that user record is linked to all of her data in my backend.

For all Airtable calls throughout the app, I’m filtering in the backend by that Auth0 userID so the user can only receive data that they’re linked to.

This is fine, but leaves a little vulnerability as it does not utilize the token generated by Auth0, but rather just the static userID. While it’s a pretty long and seemingly random string, it is indeed static.

I can imagine a more secure approach where I utilize the token by doing the following:

When a user authenticates, I make a call to update their user record in Airtable with their token. Then in WeWeb, instead of filtering against the static Auth0 userID, I filter based on the dynamic token.

Make sense? What’s the best practice here? Thanks!
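As an added example (not code from the original post, nor from Auth0 or Airtable), here is the backend pattern this question is circling: verify the bearer token on the server, take the user ID from the verified `sub` claim rather than from anything the client sends, and scope the Airtable query to that ID. It assumes an HS256 shared secret for an offline demo (Auth0 tokens are typically RS256 and checked against the tenant's JWKS, with the same issuer/audience/expiry checks), a hypothetical `{auth0_id}` column, and hypothetical issuer and audience values.

```python
import base64, hashlib, hmac
import json, re, time

# Constructed demo values; a real deployment reads these from configuration.
AUDIENCE = "https://api.example.test"          # hypothetical API identifier
ISSUER = "https://example-tenant.auth0.test/"  # hypothetical Auth0 tenant
SECRET = b"demo-shared-secret"                 # hypothetical HS256 signing key
SUB_PATTERN = re.compile(r"[A-Za-z0-9|_.\-]+")  # Auth0 subs look like "auth0|abc123"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_hs256_jwt(claims: dict, secret: bytes) -> str:
    """Issue a signed token so the demo has input (Auth0 does this in production)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"

def verify_jwt(token: str, secret: bytes, now=None) -> dict:
    """Return the claims only if signature, issuer, audience and expiry all check out."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, body_b64, sig_b64 = parts
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # pin the algorithm; never let the token choose it
    expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))
    aud = claims.get("aud")
    if claims.get("iss") != ISSUER or AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims

def airtable_filter_for(claims: dict) -> str:
    """Build the filterByFormula that scopes the query to the verified user."""
    sub = claims["sub"]
    if not SUB_PATTERN.fullmatch(sub):  # reject anything that could alter the formula
        raise ValueError("unexpected characters in sub")
    return f"{{auth0_id}} = '{sub}'"  # {auth0_id}: hypothetical column holding the Auth0 user ID
```

The stored Auth0 user ID can stay static; what protects the data is that the ID used for filtering comes from a token whose signature and expiry the backend checked on every request, so there is no need to copy tokens into Airtable.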

Did you figure out what’s the best practice? What did you decide on in the end? 🙂