Hi everyone,
I’m hoping to get some guidance from the community on an architecture/authentication question for a project I’m working on.
**The Goal**
I’m building a chatbot using n8n that will be embedded in the dashboard of a financial platform. After a client logs into the platform, they should be able to chat with the bot to ask questions about their own company’s financial data. The chatbot needs to provide personalized answers based on the specific data of the currently logged-in user.
**The Tech Stack**
- Frontend: A financial dashboard where clients view their business numbers.
- Authentication: User login is handled by Auth0.
- Data Source: The CTO of the platform can provide me with a dedicated API endpoint that will expose the financial data for a given client.
- LLM: The plan is to process the data retrieved from the API using an LLM. The interaction with the LLM will follow Anthropic’s API standard (MCP).
- My Part: I will use n8n to build the chatbot logic that connects the user, the data API, and the LLM.
**The Core Problem**
I’m trying to figure out the best and most secure way to let the n8n workflow know which user is currently interacting with the chatbot.
Once a user is logged in via Auth0 and is on their dashboard, how can the embedded chatbot be made aware of that user’s identity? I need to pass some form of user identification from the main application’s session to the n8n workflow. This will allow my workflow to then make a request to the correct data API endpoint for that specific user’s financials.
What is the standard approach for this? How can I securely pass a user’s token or ID from an Auth0 session to an n8n workflow that is powering an embedded chat?
**My Experience Level**
I’m comfortable with n8n, but I’m not an expert on authentication flows like OAuth or handling JWTs. However, I am more than willing to read up on it if I can get pointed in the right direction. I also have the support of the platform’s CTO, who can help with any necessary backend implementation.
I’m essentially looking for advice on the general concept and best practices. Any help or pointers to relevant documentation would be greatly appreciated!
Thanks so much in advance.