Need accessToken in Action to make additional Social calls to set app_metadata?


Please help me figure out the process I should be following. I have created a Custom Social Connection for Twitch API as I needed additional scope that Auth0’s integration doesn’t have (it only has two very basic permissions).

My current flow is:

  1. User logs in with a Twitch account
  2. Custom Social Connection
    • uses accessToken to fetch user account data from Twitch API
    • provides user account data to Auth0 so it can setup a user profile/record

Auth0’s normalised User Profile is limited, I want to store a few additional bits of user information that I get from making additional Twitch API calls. All Twitch API calls require a Bearer accessToken which are accessible in the Custom Social Connection page but it uses the normalised user model so I cannot store additional information from here, afaik.

I created a custom Post Login Action to store additional data in a user’s app_metadata but I can’t make Twitch API calls from here as I don’t think I have the accessToken here.

Please advise on how I can make additional Twitch API calls for data and where I can store them. I think Auth0 is this extensible? It would be great to avoid setting up a database, syncing it with Auth0, etc just for one or two additional user properties.

Thank you :slight_smile:

Hey there @2vYEjLFtkUPpbDR welcome to the community!

Have you been able to make any progress on this?

I’m not positive I follow your use case entirely, but perhaps the following topic may be of use:

Thinking out loud here, perhaps you could use the Management API elsewhere to add the requisite metadata?

Keep us posted!

As I understand it, app_metadata is used to store additional data. I want to store additional data about the user e.g. is the Twitch user logging in through the Custom Social Connection subscribed to a specific channel, and if they are a moderator for a specific channel, stored as booleans.

To get these additional bits of data I need to make two API calls to the Twitch API. These routes are protected and require sending an accessToken that is provided to the user after logging in.

I can’t do it using Actions or Rules since the accessToken given to the user when they log in through the Custom Social Connection is not available in Actions or Rules.

I can make the API calls in the Custom Social Connection’s “Fetch User Profile” code section but app_metadata is not accessible from here. I can only store data in the format that Auth0’s normalised User Profile uses. And for some reason I can’t set e.g. nickname (a normalised property I don’t need since I have the email or user id) to a coded string such as “tf” to be used as true and false for the boolean examples in my first paragraph of this post.

From my limited knowledge, I don;t think it;s possible using Auth0 at the moment/

I need one of these things to happen:

  • Let us set app_metadata in the Custom Social Connection login custom code section
  • Give us access to the accessToken returned by a Custom Social Connection in Rules/Actions
  • Similar to the first solution, give us more control over the data that we can save to an Auth0 User Profile model

This makes me ask, what is the point of a Custom Social Connection if you can’t save additional custom user/app data from that Custom Social Connection. Any valuable third party login and API will have protected routes that need an accessToken to retrieve scope/claims data. There is currently no way to save this data?

@tyf Hey, sorry to bump you, would you happen to know if any of the above is possible? Is this something I can use Auth0 for? Thank you.

Hey there @2vYEjLFtkUPpbDR sorry for the delayed response!

You’re correct in that the access token won’t be available until the login flow (and action(s)) is complete, but you will have access to the token in the user’s identities array. I don’t see why you couldn’t use the access token available on the user to get those details and add them to metadata outside the scope of an action.

In terms of then getting that on login once set, you’d probably want to add metadata as a custom claim:

Let us know if this helps!

1 Like