How to get app_metadata and user_metadata THE RIGHT WAY


I’ve been reading many posts and tutorials (thanks for the effort, they are great!), but I didn’t found any single one that said: If you want to get/set app_metadata and user_metadata, without breaking the OIDC standard, this is how it’s done.

Because many of the tutorials/answers solutions was to break the OIDC compliance using rules, like if there is no other way…

My context is: I have a SPA in Angular and a Lambda backend of nodejs functions.

And the simple question is:
How can I get the app_metadata and the user metadata in the backend without breaking the OIDC standard?

I guess it should be done using the management API, but again, it’s not clear to me how to create an API the right way.


Hi @cdelgado,

Welcome to the Auth0 Community Forum!

There are multiple ways to achieve this. You can add the claims to the token via OIDC conformant custom claims:

Or request them from the management api in the backend like you described.

Hope this helps!


This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.