Obtaining connection metadata in Auth0 rule

I went through the docs as well as checked the available methods on the auth0 management object available in rules - there doesn’t seem to be a way to access the connection metadata in the rule.

What I’m trying to do:
We have multiple Salesforce Community connections (and our customers can create their own). In the JWT we need a claim stating which community this user logged in to (as the same Salesforce user can belong to multiple communities).
The simplest solution I’m trying to implement now is to add the community ID to the custom connection’s metadata, and in the rules we will fetch it from the connection metadat put it in the JWT claims.

Is there a way to access connection metadata in rules?

1 Like

You can read connection metadata via the management API.

While it’s possible to use the management API with the access token provided by auth0.access_token as described here, it lacks the scope (read:connections) you need to read the connection metadata.

For this reason, you will need to request an access token via the client_credentials grant in the rule. You should create a specific non-interactive client for this and grant it only the read:connections scope.

  var request = require('request@2.56.0');
    url: 'https://your-tenant.auth0.com/oauth/token',
    headers: {
      'Content-Type': 'application/json'
    json: {
      'client_id': '...',
      'client_secret': '...',
      'audience': 'https://your-tenant.auth0.com/api/v2/',
      'grant_type': 'client_credentials',
      'scope': 'read:connections'
  function(err, response, body) {
    if (err) {
      return callback(err);
    if (response.statusCode !== 200) {
      return callback(new Error(body));
    var accessToken = body.accessToken;

You can then retrieve the connection metadata with the access token:

      url: 'https//your-tenant.auth0.com/api/v2/connections',
      headers: {
        Authorization: 'Bearer ' + accessToken
      qs: {
        'name': context.connection

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.