.NET Core - User Metadata in Token and Updating Values

Hey all,

I’m working on a .NET Core web app in which I want my users to be able to add/edit a field on their user profile (stored in their user_metadata). I’ve got a profile page with their data loaded from Auth0 (as stored in the ID Token), and created a Rule to append the desired user_metadata fields to their ID Token:

function (user, context, callback) {
  var namespace = 'https://myapp.com/';

  context.idToken[namespace + 'some_api_key'] = user.user_metadata.some_api_key;
  context.idToken[namespace + 'email'] = user.email;

  callback(null, user, context);
}

I’ve created a POST method to allow users to update these metadata fields and got a call to the Management API working (it’s being updated in Auth0). Unfortunately, since I’m relying on the ID Token to GET the data from Auth0, I have to log out and log back in for the update to propagate.

I’ve experimented with manually updating the token values in .NET Core using Claims, but haven’t had much luck (can’t get the updated Claims to be reflected in the app). I’ve also considered storing these metadata fields in their own cookie/token which I could update separately from the Auth0 ID Token. Ideally though, I’d like everything to be bundled together for a cleaner experience. Also, by keeping everything contained to the ID Token, I don’t have to maintain a separate database and/or make a call to the Management API every time I want those values.

Any recommendations? Thanks in advance for your help!

Replying to my own issue here, but I’ve decided what I’m going to do instead of trying to modify/manage the Auth0 token is create and maintain “metadata” token in a separate cookie. This way I can create, update, and delete the metadata as I need without affecting the user’s authentication status.

This seems to be the recommended solution for this type of issue, per some searching on editing .NET Core authentication tokens.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.