hi, I'm trying to do authentication for new API gateway with prisma, I'm using express and auth0. What's the correct approach for this? Should I store received token in db myself? Or auth0 already stores session and I should validate token with some API method?