I am using Auth0 Actions post-login Trigger in two tenants for development.
I ran the exact same code on two tenants.
There are differences in the behavior of Actions between the two tenants.
- tenant A
- Runtime: Node 18 (Not Recommended)
- can access
event.secrets.client_secret
- tenant B
- Runtime: Node 22 (Recommended)
- can NOT access
event.secrets.client_secret
exports.onExecutePostLogin = async (event, api) => {
...
console.log(`event.secrets.client_secret: ${event.secrets.client_secret}`);
...
In older versions it works as expected, but in newer versions it is undefined.
Also, I can’t find secrets in the official document Actions Triggers: post-login - Event Object .
It would be helpful if you could tell me where there is a document I should look at.
I would like to know how to do something similar in the latest version.
It seems like I can resolve this issue myself.
I didn’t understand the basics.
I plan to add the results later.
After modifying the settings, the behavior is now the same for the two tenants.
It’s written in the part Add a Secret of the official documentation Write Your First Action .
I didn’t understand this mechanism.
And after this understanding, I confirmed the Secrets in post-login action of the two tenants.
- tenant A
- found
client_secret in Secrets
- tenant B
- Not registered
client_secret in Secrets
This meant that the previous developer had registered with A, but not with B.
I registered client_secret in B and the result was as expected.
My lesson is to understand the basics well before seeking help.
Hi @hiroaki_ohkawa
Welcome to the Auth0 Community!
Thank you for sharing the solution with other folks! There’s always room for questions, and I’m glad you found the answer and shared it. Team work! 
Thanks
Dawid
1 Like