I’m having uproblem with getting updated information in PHP-SDK
Scenario:
User registers for account and is being logged into the app
In getCredentials response, I have email_verified as false
Users verifies emails
I periodically issue renew() in PHP-SDK, to see if email_verified is true and my action (performed on Login flow) added api.idToken.setCustomClaim(“custom_date_here”,(new Date)+‘’)
I can see in the logs, that action is being performed correctly, without any issues, but getCredentials (after renew call) does not update email_verified or custom_date_here, which is unexepected. How to get updated data, without using management api in end user application server?
After logging out and log in back, it works greate, but how to refresh this data without logging out?
AFAIK, the Actions are executed only when the user sign in and when a new refresh token is requested.
After reviewing the Auth0-php docs, the following got my attention -
renew() - it uses an existing refresh token to receive new id and access token
getCredentials() - returns an object representing the current session credentials (including id token, access token, access token expiration, refresh token and user data) without triggering an authorization flow.
The above would explain why invoking these methods doesn’t trigger the Actions to execute.
Unfortunately, I’m 100% positive, that calling renew() from PHP, triggers action to execute (I can see it being executed in Auth0 logs + I receive this event using stream)
I use api.idToken.setCustomClaim in action, to add my custom claim. AFAIK custom claim IS part of the token, so under definition ( it uses an existing refresh token to receive new id and access token) this data should be available.
Is there any way to get updated user data using authentication API?
Based on my tests and the documentation for the the post-login Action, unfortunately updating the user profile data occurs at the end of the action(s) within a flow. So if within a particular action you change a user metadata value from, for example, false to true AND you use this value (referencing an object) as a value for the custom claim, at first your claim will consists of the old value (false) and during another action run, it will take the updated value.
exports.onExecutePostLogin = async (event, api) => {
const namespace = 'https://myapp.example.com';
const preffered_contact = event.user.email;
api.user.setUserMetadata("new_metadata_key", preffered_contact);
//the below metadata currently takes value "flase" and we update it to "true" at the end of this action (at the end of all actions in this flow)
api.user.setUserMetadata("another_new_metadata_key", true);
// Set claims
//the below claim will be addedd durig the first login as we do not refer to a user metadata value that has been updated now
api.accessToken.setCustomClaim(`${namespace}/preferred_contact`, event.user.email);
//the below claim will be updated with the new value starting from the second time the action will run as we refer to the usermetadata that is currently being updated
api.accessToken.setCustomClaim(`${namespace}/another_new_metadata_key`, event.user.user_metadata.another_new_metadata_key);
};
If you would like to check an example of updating user metadata via the Management API, here’s a good topic for that.
Please let me know if you would like to discuss it further. Thanks!
Thank you! I will do this via stream events, but to me it looks like a broken / not coded functionality for token renewal. But of course I’m novice to auth0, so I may be wrong.