Laravel - How to programatically add user_metadata and app_metadata to a user?

Dear Auth0 Community,

I’m in need of guidance regarding enriching a user’s profile. I never expected such a trivial thing to be so complicated!

TL;DR: I followed the tutorial here and now I have no idea of how to allow the logged-in users update their profile, by making use of standard claims, as well as custom claims. Moreover, I can’t understand how to programatically update the users’ app_metadata.

Long(er) version: After three days of going back and forth through the Auth0 documentation, tutorials, as well as community posts, the only thing I was able to figure out, was that the user’s profile info can be fetched with Auth0::getUser()['profile']. Then I came across this thread Easiest way to grab user_metadata with Laravel SDK, which unfortunately didn’t really helped me understand the procedure of achieving my goal.

To conclude (with a question), is there any Laravel-based tutorial specifically made for beginners like me, that could at least point me into the right direction?

Many thanks.

Hi there @roenfeldt and I hope you had a fantastic weekend!

As mentioned in the referenced post above I would point you towards building a rule that adds custom claims to one of your tokens, whether it be an ID token or Access token for the user attributes you’re looking for. I’ve shared a few docs below that dives into leveraging rules and how powerful they can be in your user workflow.

However if there is a specific point that you are confused about, I would be happy to help!

1 Like

Hello @James.Morrison,

Thank you so much for your help. I finally understood the basics of implementing rules into the authentication workflow, and they indeed seem to be very powerful! I’m in the process of fine-tuning my first rule. I’m posting it here, in the hope that it’ll help someone else in the future.

Basically, I’m using this rule in order to redirect the new member to an /onboarding route. New is the keyword here, because I’m checking for their given_name custom claim property (which is initially empty in case of a Username-Password-Authentication signup), and redirect them accordingly to the “onboarding” route, where they’ll be able to fill in some mandatory fields, as well as some optional ones, should they choose to.

// Redirect to onboarding if new memebr
function (user, context, callback) {
    console.log(undefined === user.given_name);
    if (undefined === user.given_name) {
        context.redirect = {
            url: "http://laravel.test/onboarding"
    return callback(null, user, context);

Hello again @James.Morrison,

I just ran into a new issue that I simply cannot figure out. I’m hoping that you could clarify it for me.

My Laravel app is still based on the Auth0 tutorial here

As I explained in my previous reply, I’m trying to offer the newly-registered member a way of enriching their profile by allowing them to fill out some personal data, as the next step either after signing up, or after logging in, in case they haven’t already filled up their user.given_name attribute.

In order to check if the user was successfully authenticated, I’m calling the Auth::check() method within the .blade file that’s connected in Laravel to the /onboarding route.

However, the user’s authenticated status returns false even after they’ve successfully authenticated, and were sent by the Auth0 rule towards the /onboarding route.

What’s the reason as to why the user’s authenticated status is wrongfully set to false?

I would highly appreciate your help figuring out a solution to this annoying problem.

Thank you.

I would be happy to help on this front but to have a better idea of what’s going do you mind capturing a HAR file of the login event happening for a new test user and sending it over in a DM? Please be sure to select “Preserve log” to catch redirects and scrub the file of user passwords before passing, thanks!

Thanks for the fast reply! The thing is, I think I figured out the part where the authentication didn’t go through. Based on the Auth0 Docs information on redirecting users from within rules, my app was not sending the original state URL parameter and its value back to the /continue endpoint. I fixed that, and now my Laravel app shows that the user is indeed authenticated. However, now there’s one new issue. The rule doesn’t seem to be able to redirect the user to the /onboarding endpoint.

Should I go ahead with capturing a HAR file, as per your suggestion, or is there anything else I should do?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.