Add timestamp to user profile when user last refreshed tokens

Feature: timestamp “last_token_exchange” in user profile, when user last refreshed tokens

Description:
A field like last_login, but then for token refreshes, such as “last_token_exchange”.

Use-case:
We like to build ‘inactive account deletion’. The goal is to remove accounts of users that haven’t used their account in the last 2 years. The problem is however that we use a offline refresh_token that (AFAIK) when used does not update the user field “last_login” timestamp. This means that it is impossible to know whether any of the users is still refreshing their tokens from their phones.

Ideally, I’d like a field to be exposed with a timestamp that is incremented each time a refresh token is used. Maybe Auth0 already has such a field available internally. Could such a field be made public?

@herman,

Thanks for the feature request! In the meantime, you should be able to implement this with a Login Flow Action and metadata.

Hope this helps!

Hi thanks for the reply @dan.woda, but this does not help, because updating the user metadata in a Login Flow Action does not scale with the rate limits that are in place on the Management API. For most tenants this might be sufficient, but with our active user base this becomes problematic.

You can set the user’s metadata properties directly in the Action using the api object.

Hi Dan, does setting the metadata via the api in the Action not influence the rate limit? I notice the docs mention that multiple changes are also aggregated and only make a single change at the end of the Action. Is this different from how this worked in Rules?

You can set the property directly in the Action like I shared above, without using the management API (and rate limit).

I’m not sure I understand this question. Can you link to what you are asking about? What effect are you expecting this to have on your use case?