Federated Claims in Auth0 Actions Migration

Overview

After migrating Rules to Actions in Auth0, users from SAML enterprise connections are unable to access certain attributes. Specifically, the federatedUserClaims attribute set in one Action is not accessible in a subsequent Action, whereas this worked in the Rules-based implementation.

When migrating from Rules to Actions in Auth0, it is important to understand that data flows between Actions differently than it did between Rules. Unlike Rules, where the user object is shared across the entire pipeline, Actions require explicit data passing between them.

Applies To

  • Actions
  • Auth0 Rules to Actions Migration

Solution

Use Event User Metadata:

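  • Actions provide an event object that contains user metadata, which can be used to pass data between Actions. For data to persist across Actions, store it in app_metadata or user_metadata through the api object (api.user.setAppMetadata or api.user.setUserMetadata); later Actions read it from event.user.app_metadata or event.user.user_metadata.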
  • Configure the first Action to store federatedUserClaims in app_metadata or user_metadata.

Example:

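exports.onExecutePostLogin = async (event, api) => {
  // Placeholder value: replace with your own logic to get federatedUserClaims
  const federatedUserClaims = {};
  // Store the claims so that Actions running later in the flow can read them
  api.user.setAppMetadata("federatedUserClaims", federatedUserClaims);
};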

Access the federatedUserClaims attribute in the second Action (Standard Federated User).
Example:

exports.onExecutePostLogin = async (event, api) => {
  // Read the claims stored by the earlier Action; undefined if it has not run
  function getClaimsFromUser(event) {
    return event.user.app_metadata?.federatedUserClaims;
  }

  const federatedUserClaims = getClaimsFromUser(event);
  // Use federatedUserClaims as needed

  // Optionally remove the federatedUserClaims attribute to prevent persistence
  api.user.setAppMetadata("federatedUserClaims", null);
};

NOTE: Ensure that Actions are executed in the correct order. The Action setting the federatedUserClaims should run before the Action that reads it. This can be checked and adjusted in the Auth0 Dashboard under the Actions section.
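
The ordering requirement in the note above can be checked locally before deploying. This is an added example, not Auth0's code or part of the original article: runFlow is a hypothetical, simplified model of the post-login flow, and the sample user with its groups attribute is constructed.

```javascript
// Simplified local model of a post-login flow (an assumption, not Auth0's runtime):
// setAppMetadata updates what later Actions see and queues one write for flow end.
function runFlow(actions, user) {
  const event = { user: { ...user, app_metadata: { ...(user.app_metadata || {}) } } };
  const pending = {};
  const api = {
    user: {
      setAppMetadata(key, value) {
        pending[key] = value;
        if (value === null) delete event.user.app_metadata[key];
        else event.user.app_metadata[key] = value;
      },
    },
  };
  const seen = [];
  // Handlers are called synchronously here to keep the harness small.
  for (const action of actions) seen.push(action(event, api));
  // persisted: what would remain on the profile once the flow completes.
  return { seen, persisted: { ...event.user.app_metadata }, pending };
}

// First Action: builds the claims (constructed mapping from sample attributes).
function setClaims(event, api) {
  const federatedUserClaims = { email: event.user.email, groups: event.user.groups || [] };
  api.user.setAppMetadata("federatedUserClaims", federatedUserClaims);
}

// Second Action: reads the claims, then clears them so they are not persisted.
function readClaims(event, api) {
  const claims = event.user.app_metadata?.federatedUserClaims;
  if (!claims) return null; // the setting Action did not run before this one
  api.user.setAppMetadata("federatedUserClaims", null);
  return claims;
}

// Constructed sample user, standing in for a SAML enterprise login.
const samlUser = { email: "alice@example.com", groups: ["finance"] };

const ordered = runFlow([setClaims, readClaims], samlUser);
const reversed = runFlow([readClaims, setClaims], samlUser);

console.log("ordered:", ordered.seen[1], ordered.persisted);
console.log("reversed:", reversed.seen[0], reversed.persisted);
```

In the reversed run the reading Action gets nothing, and the claims are also left on the profile because the cleanup ran before they were set.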