Should the /userinfo endpoint always be called from getUser?

[njpearman]

Hi,

We just encountered an issue with our Auth0 integration where the /userinfo endpoint was rate limited. This happened because we were calling getUser on each page load / request in our app to make sure the access token is valid and refreshed (we're using refresh tokens). However, getUser always calls Auth0 /userinfo even if the access token / ID token is still valid rather than short circuiting if there is non-expired credentials.

As things stand, I've implemented a check in our code to only call getUser if the token is near expiry or invalid according to the isValid function. I feel that this logic should be incorporated into auth0-remix-server though.

Is it by design that getUser always calls /userinfo? Could that method also check the validity of the credentials first?

[meza]

Honestly I hope we get the remix middleware support sooner rather than later, that would help us BIG TIME.

For now, I've added a user profile cache support in https://github.com/meza/auth0-remix-server/releases/tag/v2.3.0

Described here: https://github.com/meza/auth0-remix-server#caching-the-user-profile

I'm currently using it with dynamo and it helps to reduce the load a lot.
Could wire Redis up there too, it also has support for TTL fields.

[meza]

The thing is with remix that you don't know what environment people will be using it from. On the edge, lambdas or long running express servers. Each has its own way of dealing with "memory". I wouldn't want the library to store any kind of state as it would limit its use. With this new cache hook pair it should give us some way of handling it.

Maybe we could publish packages that deal with common usecases? Like dynamo, redis, memcache and the likes

[njpearman]

I think this makes sense but I'm defs not familiar enough with Remix to fully understand! The "cache hook" is a nice addition though so I'll see how it works (..when I get time to look...)

[meza]

The big issue with Remix is that when you open a page that has a loader and the Root has a loader too and things also have useLoaderData, then every single one of them will execute at once in parallel. Pair that with react double rendering pages in dev mode, I've been getting timed out by auth0 for "too many requests" lately 😅