Set User Metadata Is Not Working Inside Post Login Action

Hi, this is Yasin.


This is for social login providers. I am trying to set the user metadata and read it after setting it, in a single post login action file. However, I get an error.

Either the user metadata cannot set on Step 5 or the newly set user metadata cannot be read in Step 6 because I get an error

This is a fundamental issue and I have to solve it as quickly as possible.

Thank you so much!

Post Login Action - Code Flow (Please read)

Code flow is like this:

  1. Check if the attempt is a social login.

  2. If true, check if there is a certain key/value pair in metadata by

  3. If there is no metadata, it could be undefined, empty, null, etc. This means that I have not created this user also on my external database.

  4. Hence, run a method that creates the user on external db (Hasura, in this case). Return the created user object. (This step works successfully. I am very grateful that Auth0 allows such an operation by the way.)

  5. Using this user object, set user metadata as following:
    api.user.setUserMetadata("hasuraUser", hasuraUser).

  6. Now, get the newly set event.user.user_metadata.hasuraUser attribute, then set custom claims for tokens.
    _claim property just uses the id as Then,

  • api.accessToken.setCustomClaim(_namespace, _claim);
    api.idToken.setCustomClaim(_namespace, _claim);
  1. Finish Post Login action.
1 Like

Hi @yasin,

Thanks for reaching out to the Auth0 Community!

I understand that you’ve been encountering issues trying to make the Post Login Action script work with a Google Social Login connection.

First, I noticed that you are trying to accomplish your logic in steps 1-6 using a one Post Login Action script.

This will not work as you have observed because the user_metadata does not show the newly added attributes.

To make this work, you’ll need to use 2 Post Login Action scripts.

In your first script, I recommend that you implement the logic from steps 1 - 5.

And then, in your second script, I recommend implementing the logic from step 6.

Once that is done, you can set the user metadata to your social login users and append the custom claims to your Access and ID tokens.

Please let me know how there’s anything else I can do to help.

Thank you.

Hi @rueben.tiow,

Thanks a lot. I didn’t know that using 2 action scripts, one after the first would solve the issue. I haven’t tried this yet. Currently, I solved it like this:

  • In step 5, I assign a key/value using the user data that returned as:
    api.user.setUserMetadata("hasuraUser", hasuraUser)
    nothing is changed in this step.
  • But in step 6 and after, instead of trying to use the newly set metadata by reading it (which is not possible):
    const _user = event.user.user_metadata.hasuraUser
    I use the user data from step 5 again

I am still curious why does event.user.user_metadata not change even though api.user.setUserMetadata() method is called successfully?

I haven’t seen a doc saying that it is not possible in a single file and I struggled at this point too much while developing a Post Login action script.

I mean, everybody is working hard at Auth0. It is as clear as day and I appreciate it. Not complaining too much about it but when the work is 95% done and there is that one simple unknown situation made me question the whole logic :smiley:

Anyways, thanks a lot for caring.

Hi @yasin,

Thank you for your response.

I’m glad to hear that you managed to find a workaround in your implementation.

This is a good point, and logically you should be able to get the user_metadata after being set on execution.
The reason this may happen is that some triggers are executed synchronously, blocking the flow in which they are involved, and some are executed asynchronously, as described in our Understand How Auth0 Actions Work docs.

Hoped this helps!

Please don’t hesitate to let me know if there’s anything else I can do to assist.

Thank you.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.