Using the Management API in Actions

Last Updated: Dec 20, 2024

Overview

This article details how to call the Management API in Actions.

Applies To

• Management API
• Actions

Solution

Please see the below video.

There are two methods for interacting with the Management API from within Actions, depending on the goal:

Method 1: Updating User Metadata (Built-in):

To update user metadata within a pre-user-registration or post-login Action trigger, use the built-in api object with the appropriate method:

• To set user metadata:

api.user.setUserMetadata(name, value)

• To set application metadata:

api.user.setAppMetadata(name, value)

Method 2: Other Management API Operations (Machine-to-Machine Application)

If using the Management API for operations other than updating user metadata, follow this step explained in Create Machine-to-Machine Applications for Testing

Using the Management API in a Custom Action:

1. Create a Machine-Machine Application for the Action:
   
   

   rtaImage (23).jpeg560×500 24.5 KB
2. Authorize the Machine-to-Machine Application created in Step 1 to access the Management API, ensuring the required permission scopes are granted.
   
   

   rtaImage (24).jpeg647×500 24.1 KB
3. Navigate to the settings page for the Machine-to-Machine Application and locate its domain, client ID, and client secret.
   
   

   rtaImage (7).jpeg2122×1362 71.9 KB
4. 1. Securely store the domain, client ID, and client secret retrieved in Step 3 within the custom Action’s event.secrets object.
      
      

      rtaImage (25).jpeg690×387 38.4 KB
5. 1. Add the auth0 Node.js module as a dependency in the Action editor.
      
      

      rtaImage (26).jpeg690×325 35.3 KB
6. 1. Initialize the Management API client within the Action script, using the application credentials stored in event.secrets.
      • Use the initialized Management API client object to perform the desired API operations within the Action script logic.
      • Example: A common use case is assigning a default role to a user upon their first login within a post-login Action. The code snippet below illustrates initializing the client and calling the relevant Management API endpoint:
        This post-login Action example adds a default role to the user when they first log in.

exports.onExecutePostLogin = async (event, api) => {
  if (event.stats.logins_count !== 1) {
    return;
  }

  const ManagementClient = require('auth0').ManagementClient;

  const management = new ManagementClient({
      domain: event.secrets.domain,
      clientId: event.secrets.clientId,
      clientSecret: event.secrets.clientSecret,
  });

  const params =  { id : event.user.user_id};
  const data = { "roles" : ["ROLE_ID"]};

  try {
    const res = await management.users.assignRoles(params, data)
  } catch (e) {
    console.log(e)
    // Handle error
  }
};

NOTE:

• Calls to the Auth0 Management API and User Metadata updates made from within Actions are subject to rate limits. Minimize Management API usage within Actions to prevent exceeding these limits. For further details, refer to the documentation on Actions Limitations and Limiting Calls to the Management API.
• When updating user information via Actions, using a post-login Action is generally recommended over using a post-user-registration Action. Refer to the relevant FAQ for additional context in Is it Possible to Use a Post-User Registration Action (or Hook) to Update a User