Feature: timestamp “last_token_exchange” in user profile, when user last refreshed tokens
Description:
A field like last_login, but then for token refreshes, such as “last_token_exchange”.
Use-case:
We like to build ‘inactive account deletion’. The goal is to remove accounts of users that haven’t used their account in the last 2 years. The problem is however that we use a offline refresh_token that (AFAIK) when used does not update the user field “last_login” timestamp. This means that it is impossible to know whether any of the users is still refreshing their tokens from their phones.
Ideally, I’d like a field to be exposed with a timestamp that is incremented each time a refresh token is used. Maybe Auth0 already has such a field available internally. Could such a field be made public?
Hi thanks for the reply @dan.woda, but this does not help, because updating the user metadata in a Login Flow Action does not scale with the rate limits that are in place on the Management API. For most tenants this might be sufficient, but with our active user base this becomes problematic.
Hi Dan, does setting the metadata via the api in the Action not influence the rate limit? I notice the docs mention that multiple changes are also aggregated and only make a single change at the end of the Action. Is this different from how this worked in Rules?