This page https://auth0.com/docs/authenticate/database-connections/custom-db/custom-database-connections-scripts/execution#identity-provider-tokens suggests that if I return an access_token and refresh_token in login custom script, the user profile will contains the linked identity.
I can’t find how I can retreive that information inside an Custom post-login action.
event.user.identities
only contains basic connection fields:
{ connection: 'custom-backend', isSocial: false, provider: 'auth0', userId: 'custom|2000000|4', user_id: 'custom|2000000|4' }
I manage to get it using the management API. But it seems overkill.
Even the test sample in action contains an access token
:
"user": {
"app_metadata": {},
"created_at": "2022-10-18T15:29:04.063Z",
"email_verified": true,
"email": "j+smith@example.com",
"family_name": "Smith",
"given_name": "John",
"identities": [
{
"connection": "Username-Password-Authentication",
"isSocial": false,
"provider": "auth0",
"userId": "5f7c8ec7c33c6c004bbafe82",
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gU21pdGgiLCJpYXQiOjE1MTYyMzkwMjJ9.Q_w2AVguPRU2KskCXwR7ZHl09TQXEntfEA8Jj2_Jyew",
"profileData": {},
"user_id": "5f7c8ec7c33c6c004bbafe82"
}
1 Like
How did you actually get the access token of the user in an action? I am running into the same issue, and the code I’m using with the management API isn’t working.
Here it is.
try {
const auth0Domain = 'MY AUTH0 DOMAIN';
const auth0ManagementApiClientId = event.secrets.CLIENT_ID
const auth0ManagementApiClientSecret = event.secrets.CLIENT_SECRET
const userId = event.user.user_id;
const response = await axios.post(
`https://${auth0Domain}/oauth/token`,
{
grant_type: 'client_credentials',
client_id: auth0ManagementApiClientId,
client_secret: auth0ManagementApiClientSecret,
audience: `https://${auth0Domain}/api/v2/`,
scope: 'read:users',
subject: userId,
}
);
const accessToken = response.data.access_token;
await axios.post('MY API URL', {
}, {
headers: {
Authorization: `Bearer ${accessToken}`,
},
})
console.log('Successfully called the API');
} catch (error) {
// Handle error response
console.error('Error retrieving access token:', error);
}
This code is succesful in getting A access token, but it’s not the same as the users, which I’ve verified by manually printing out the access token from this request and a valid request on the backend. So whos accces token is it, I don’t know??
Any help?
I only wanted to get the delegated access_token. You cannot access the actual auth0 token.
Hey team! 
Since this topic touches Auth0 Actions, quick heads-up that we’re hosting an Ask Me Anything dedicated to Actions with Gaston Danilo Asis Sanchez, Senior Technical Product Manager. We’ll cover practical usage, new capabilities like Transaction Metadata and Actions Types, plus a peek at what’s next. 
- Submit questions now through Aug 26

- Get detailed written answers live on Aug 27, 9–11 AM PT

Earn community points + a badge
. If you’re exploring how Actions can streamline your auth flows, this is a great time to get direct guidance from the team.
Join the AMA & drop your questions here: August 27 Auth0 Community Ask Me Anything: Actions
Dawid