Forgive the noob question, I’m trying to properly frame the appropriate use of OKTA inside my projects.
Say, your users enter a lot of profile data into your app that results in a large JSON object (many fields, many objects, many arrays of data that is not related to authentication or role-based authorization. My current thinking suggests it makes sense to keep that data inside my own database and not put it in the users’ OKTA profile.
So, I would, for example, associate the sub returned from OKTA with the respective internal user’s profile in my database.
So, my users would authenticate via OKTA, and after that, I pull any of their additional information out of my own database.
Is this good practice? Or is it better practice to consolidate everything regarding user profiles into OKTA?