Manage User Metadata and App Metadata

Hi,

I have an issue with Auth0 user management.
Following is the use case.
I have three applications in Auth0:

  1. Management API
  2. Machine to Machine application
  3. Single page application.

I also have two database connections:

  1. Database A
  2. Database B
    Note: Both database connections in Auth0 are connected to a common database in AWS.

I am also making use of App_metadata and User_Metadata to build tokens.

I am observing the following behaviour.
When I log in using the Single Page Application [user@gmail.com], I am adding some information in App_metadata and User_metadata. The Single Page Application is connected to Database A.

When I log in using the Machine to Machine application [I have my own login logic in the backend and I am using Auth0 to authenticate], some information is added to the User and App metadata.

The problem I face is in User Management.
Application 1: When I log in using the SPA, a user is added in User Management → Users [with user@gmail.com, Connection: Database A].
Application 2: When I log in using M to M, a user is added in User Management → Users [with user@gmail.com, Connection: Database B].
But when I log in using Application 2, Application 1's App and User metadata is also getting updated, which in turn causes an issue when a new access token is issued.
Application 1 is creating a new access token using the App and User metadata which was recently updated.
Will it be possible to make sure Application 1's and Application 2's [App and User] metadata remain distinct and only the respective one is updated?

Hi @walter.adbe,

Thanks for reaching out to the Auth0 Community!

It appears that the way you have written your Post-Login Action script to append user_metadata and app_metadata properties to the access token does not consider the condition where the user is authenticating against the SPA or M2M.

Consider using a conditional statement to check which app the user is authenticating against when appending custom claims. For example:

exports.onExecutePostLogin = async (event, api) => {
  // Custom claims must be namespaced; replace this with your own URL-style prefix.
  const namespace = "http://yourNamespace/";
  // event.authorization is only present once the user has been authorized for the client.
  if (event.authorization) {
    // Branch on the application the user is authenticating against.
    if (event.client.name === 'SPA') {
      api.accessToken.setCustomClaim(`${namespace}user_metadata`, event.user.user_metadata);
      api.accessToken.setCustomClaim(`${namespace}app_metadata`, event.user.app_metadata);
    } else if (event.client.name === 'M2M') {
      api.accessToken.setCustomClaim(`${namespace}user_metadata`, event.user.user_metadata);
      api.accessToken.setCustomClaim(`${namespace}app_metadata`, event.user.app_metadata);
    }
  }
};

Doing it this way will only append custom claims based on the application the user logs into.

Please let me know if you have any questions.

Thanks,
Rueben
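An added example (not part of Rueben's reply or Auth0's own code) that takes the per-client idea one step further: it branches on `event.client.client_id` rather than the editable client name, and it assumes each application stores its metadata under its own key (`app_metadata.spa`, `user_metadata.m2m`, and so on) so that only the authenticating app's slice ever reaches the token. The namespace, client IDs and sample user below are constructed placeholders.

```javascript
// Placeholder namespace; Auth0 requires custom claims to be namespaced.
const NAMESPACE = "https://example.com/claims/";

// Assumption (constructed): client_id -> key under which that app keeps its
// metadata, e.g. app_metadata.spa and user_metadata.spa for the SPA.
const CLIENT_KEYS = {
  SPA_CLIENT_ID_PLACEHOLDER: "spa",
  M2M_CLIENT_ID_PLACEHOLDER: "m2m",
};

// Pure helper: the claims to add for this login, or null for an unknown
// client so that no metadata-derived claims leak into its tokens.
function claimsForClient(event) {
  const key = CLIENT_KEYS[(event.client || {}).client_id];
  if (!key) return null;
  const userMeta = (event.user.user_metadata || {})[key] || {};
  const appMeta = (event.user.app_metadata || {})[key] || {};
  return {
    [`${NAMESPACE}user_metadata`]: userMeta,
    [`${NAMESPACE}app_metadata`]: appMeta,
  };
}

// Action entry point, same signature Auth0 invokes for a Post-Login Action.
async function onExecutePostLogin(event, api) {
  const claims = claimsForClient(event);
  if (!claims) return;
  for (const [name, value] of Object.entries(claims)) {
    api.accessToken.setCustomClaim(name, value);
  }
}

// Export under the name Auth0 expects when this file is deployed as an Action.
if (typeof exports !== "undefined") exports.onExecutePostLogin = onExecutePostLogin;

// Constructed sample profile carrying both apps' metadata on one user record.
const SAMPLE_USER = {
  user_metadata: { spa: { theme: "dark" }, m2m: { batch: 7 } },
  app_metadata: { spa: { roles: ["viewer"] }, m2m: { roles: ["job-runner"] } },
};
```

Because the token for the SPA only ever sees `app_metadata.spa`, an update made during an M2M login no longer changes what the SPA's next access token carries.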