Hacker News
by mooreds 37 days ago
Yeah, I see two common patterns with people using an external auth server.

1. Store everything user-related in there, rely on APIs or syncing if the application needs user attributes.

2. Store nearly nothing in there, just credentials, MFA, account recovery info and anything else related to authentication. All profile data is stored in each app.

Both can work, they just have tradeoffs.