Update user_metadata info in "fetch user profile script"

gualtiero.testa · October 30, 2023, 11:52am

Hi,
in the fetchUserProfile script it is possible to add user attributes like in this code fragment

const profile = {
    user_metadata: {
        "test": 42,
    }
};
callback(null, profile);

If the user_metadata object contains already other properties, these will be deleted (i.e. the user_metadata object is recreated).

I would like to keep the user_metadata content (if any) and eventually override specific properties.

Use case: in the social login connection, the fetchUserProfile is executed at each login (and this is the right behavior). After login, I would like to store other user attributes in the user profile user_metadata (f.e. using Actions) without worrying they will be deleted at the next login.

How I can get this?

Thanks,

Gualtiero

marcelina.barycka · November 3, 2023, 8:17am

Hey there @gualtiero.testa !

Looking at our docs, it’s not recommended to return the app_metadata or user_metadata with the fetchUserProfile but to leverage the Actions instead.

gualtiero.testa · November 3, 2023, 8:50am

Thanks @marcelina.barycka but I don’t fully understand your answer.

I’m using the fetchUserScript to get user custom data to be saved in their profile.

Are you suggesting to do something like this:

const profile = {
    "test": 42,
};
callback(null, profile);

i.e save the custom data at the root of the profile?

marcelina.barycka · November 3, 2023, 10:08am

Here would go the root user attributes that are predefined in Auth0. These are: “user_id”, “email”, “given_name”, “family_name”, “name”, “nickname”, “picture”.

The User profile structure describes the above mentioned (1) root attributes you can update with the script and (2) metadata sub-objects that are not recommended to update via this script (most likely due to a reason you mentioned in this topic).

For updating user metadata Auth0 recommends using Actions and here you can read more about it - Manage User Metadata with the post-login Action Trigger

With actions, if you update only one metadata attribute, the other that already exists won’t be removed/overwritten.

Also one note worth mentioning:

Beware of storing too much data in the Auth0 profile. This data is intended to be used for authentication and authorization purposes, and users can edit their own user_metadata field, so don’t store sensitive data in it. The metadata and search capabilities of Auth0 are not designed for marketing research or anything else that requires heavy search or update frequency. Your system is likely to run into scalability and performance issues if you use Auth0 for this purpose. A better approach is to store data in an external system and store a pointer (the user ID) in Auth0 so that backend systems can fetch the data if needed.

Hope this help!

marcelina.barycka · November 3, 2023, 10:13am

Copied for a different topic, a sample code snipped for mapping root attributes, here mocked with hardcoded values (for your reference)

function(access_token, ctx, callback){
  // call the oauth2 provider and return a profile
  // here we are returning a "mock" profile, you can use this to start with to test the flow.
  var profile = {
    user_id: '123',
    given_name: 'Eugenio',
    family_name: 'Pace',
    email: 'eugenio@mail.com'
  };

  callback(null, profile);
}

system · November 17, 2023, 10:14am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.