Problem statement
This article explains why an Event Object, like event.user or event.authorization is not updated after a Management API call like the one below:
const auth0 = require("auth0")
const mgmtClient = new auth0.ManagementClient({
domain: DOMAIN,
clientId: CLIENT_ID,
clientSecret: CLIENT_SECRET,
})
await mgmtClient.users.update({ id: event.user.user_id }, { nickname: "updated!" })
It reads user data in the event object after the Management API call.
console.log("event.user.nickname: ", event.user.nickname)
However, the change in user data is not reflected in this object.
Steps to reproduce
Execute this example Post Login Action:
exports.onExecutePostLogin = async (event, api) => {
console.log("===== UseManagementAPI =====")
const auth0 = require("auth0")
const {DOMAIN, CLIENT_ID, CLIENT_SECRET, ROLE_ID} = event.secrets
const mgmtClient = new auth0.ManagementClient({
domain: DOMAIN,
clientId: CLIENT_ID,
clientSecret: CLIENT_SECRET,
})
await mgmtClient.users.update({ id: event.user.user_id }, { nickname: "nickname updated!" })
console.log("event.user.nickname: ", event.user.nickname)
};
Cause
The event object is a “snapshot” of the state that is captured when the flow begins.
It doesn’t have a direct connection to the original data.
Note:
For the same reason, assigning a value to a property of the event object won’t change the original user data.
event.user.family_name = "It won't update the original data."
Solution
Update the original data (i.e., user data, which becomes an origin of event.user) separately from Actions.
Note that using Management API in Actions is not recommended from the performance perspective.
- Management API has a lower rate limit threshold than Authentication API, and it will create a bottleneck when called in the login flow.
- See Rate Limit Configurations for more information.