I am creating an SPA (Angular 10) that would get the access token from OKTA using Okta-Auth-JS, as we want to use Material login form.
We then want to save the user data received after logging into the database.
We’re using Couchbase and we need a unique identifier to be used to create the document key stored in the db.
My question is, would it be a good practice to use the “sub” from the claims to achieve this, or is it good practice to store the value of “sub” in the database?
The ID token sub claim is hard-coded to always contain the Okta user id, and it can safely be used for storing a list of ids tied to each user accessing the Angular app.
Just to double check that I’m getting it right, storing the “sub” in DB and using it as the userId throughout the application (SPA, multiple microservices) is acceptable and is not a security hazard?
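One way a backend service could turn the `sub` claim discussed above into a Couchbase document key, taking it only from an ID token whose signature, issuer, audience and expiry have been checked. This is an added example, not code from the thread or from Okta; the function names, the `user::` key prefix, the `sub` character/length rule and the issuer and audience values are assumptions, and the test token is signed with a locally generated key.

```javascript
// Added example: all names, the key prefix and the sample values are assumptions.
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64url = (s) => Buffer.from(s, 'base64url').toString('utf8');

// Constructed fixture helper: sign an RS256 token with a local test key.
function signToken(claims, privateKey) {
  const head = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.sign('RSA-SHA256', Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${b64url(sig)}`;
}

// Check signature, issuer, audience and expiry before trusting any claim.
function verifiedClaims(token, publicKey, { issuer, audience, now = Date.now() / 1000 }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  if (JSON.parse(fromB64url(head)).alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${head}.${body}`),
    publicKey, Buffer.from(sig, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(fromB64url(body));
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (claims.aud !== audience) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// The document key is built only from the verified sub, never from a
// user id sent in the request body, query string or a custom header.
function userDocKey(claims) {
  const sub = claims.sub;
  // Assumed format rule: short, URL-safe id, so the key stays small and predictable.
  if (typeof sub !== 'string' || !/^[A-Za-z0-9_-]{1,64}$/.test(sub)) {
    throw new Error('invalid sub');
  }
  return `user::${sub}`;
}

// Constructed end-to-end run with a throwaway key pair and sample claims.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const opts = { issuer: 'https://idp.example.test', audience: 'constructed-client-id' };
  const exp = Math.floor(Date.now() / 1000) + 300;
  const claims = { iss: opts.issuer, aud: opts.audience, exp, sub: '00u_constructed_id' };
  const token = signToken(claims, privateKey);
  return { token, publicKey, opts, key: userDocKey(verifiedClaims(token, publicKey, opts)) };
}
```

In a real service the public key would come from the issuer's published signing keys rather than a generated pair.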