
During login, how can I share user metadata from one tenant to another?

Background: My company uses two Auth0 tenants in production. Tenant A has our legacy user database, including important custom metadata, and Tenant B has our user-facing login page, whose behavior depends on the custom metadata. During login, we use a Rule in Tenant A to copy a field from Tenant A user_metadata into an idToken claim. Then, in Tenant B, we have a second Rule which reads the claim as a property on the user (e.g. const claimValue = user[claimName];).

Rules are going away, so I’m rewriting the above logic using Actions, but I’ve run into two problems.

Problem 1: I’ve attempted to migrate the Tenant A Rule to an Action, and I’m following Auth0’s docs for how to set an id token claim from an Action: api.idToken.setCustomClaim(namespacedClaimName, claimValue);. The namespacedClaimName and claimValue are identical between the Rule and my Action. However, when I replace the Rule with my Action, Tenant B’s Rule can’t see the claim anymore, because the claim name is no longer defined on the Tenant B user object.

Problem 2: I will also need to migrate Tenant B’s Rule to an Action, but Actions are not allowed to read custom properties that were set on the user object, as my Rule currently does. A popular Auth0 Community thread which asks how to read token claims from an Action has not been answered (the post mentions accessToken, but the same question applies to id token). The Post-Login Actions API docs describe how to set token claims, but not how to read them. I’d be willing to put this info elsewhere instead of in a token, but (I think) userMetadata and appMetadata from Tenant A are not available in Tenant B.
