Is it possible to override user attributes in a post-login action?

Use-Case

Auth0 contains personally-identifiable information (PII) that we don’t want to share with a particular application. We do want the user to be able to log in to the application and get a valid session. I don’t want to change the actual data in Auth0, just the presentation to this client application.

Is it possible to override the PII fields on the token during the post-login flow?

I’m imagining something like

exports.onExecutePostLogin = async (event, api) => {
  const { user_id: id } = event.user
  api.user.setEmail(`${id}@example.com`);
  api.user.setName(`Anonymous User ${id}`)
  api.user.setNickname(`Anonymous`)
};

These APIs don’t actually exist. Is there something else that would accomplish this?

Possibly related: Actions: How do I *set* an event.user.nickname?

1 Like

Hi @jrosen-cc,

Yes, you should be able to override the user attributes without permanently updating them.

Here is an example:

exports.onExecutePostLogin = async (event, api) => {
  const { user_id: id } = event.user
  event.user.email = `${id}@example.com`
  event.user.name = `Anonymous User ${id}`
  event.user.nickname = `Anonymous`
};

Thanks,
Rueben

2 Likes

This is very helpful. Thank you!

It’s not clear from any of the examples on the website that event is mutable or that mutations will be carried through the rest of the process.

2 Likes

Hi @jrosen-cc,

You’re welcome!

Yes, that’s true. I will add that it’s usually only used in cases where you need to map user_metadata/app_metadata into claims in the SAML Response.

Feel free to reach out again if you’ve got more questions!

Cheers,
Rueben

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.