Updating user metadata on password change

I have a flow that does the following:

/**
 * Handler that will be called during the execution of a PostChangePassword flow.
 * @param {Event} event - Details about the user and the context in which the change password is happening.
 */
exports.onExecutePostChangePassword = async (event) => {
  const { MGMT_DOMAIN, MGMT_ID, MGMT_SECRET } = event.secrets;
  const ManagementClient = require('auth0').ManagementClient;
  const management = new ManagementClient({
    domain: MGMT_DOMAIN,
    clientId: MGMT_ID,
    clientSecret: MGMT_SECRET,
    scope: 'read:users update:users',
  });

  try {
    // Record that the user has set a password at least once.
    await management.updateUserMetadata({ id: event.user.user_id }, { is_password_initial: false });
  } catch (error) {
    console.error('An error occurred while updating user metadata:', error);
  }
};

This code is setting is_password_initial to false so that we know the user already set the password at least once. This value is used in our email template to choose what template to use (we wanted to use last_password_reset but it's not accessible in email template…)

Sadly, even though the secrets are set to our application, this is_password_initial is NEVER set to false, and remains true all the time. It looks like I can’t authenticate because there is no client_credentials grant type set, but since I use an SPA for application type, I can’t allow that option…

How am I supposed to update the user metadata on this post change password hook?

What is wrong with my code?

Hi @federico,

Thanks for the question.

The Action should be treated as its own application. You will want to register a new M2M application for your Action, and use that client id and client secret (it should have the client credentials grant allowed).

Also, you probably want to use the user’s app_metadata property. The user’s user_metadata is for data that is mutable by the user (i.e. favorite color). Auth data should be stored in the user’s app metadata.

Hope this helps!
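The two changes suggested in the answer above, as an added example that is not part of the original thread and is not Auth0's own code. It assumes the same v2/v3-style `auth0` SDK as the question and that the `MGMT_ID` / `MGMT_SECRET` secrets now hold the M2M application's credentials; `readSecrets`, `defaultClient` and `makeHandler` are hypothetical helper names.

```javascript
// Added example; assumes the v2/v3-style auth0 SDK used in the question.
// MGMT_ID / MGMT_SECRET are assumed to hold the credentials of a
// Machine-to-Machine application with the client_credentials grant.
const REQUIRED_SECRETS = ['MGMT_DOMAIN', 'MGMT_ID', 'MGMT_SECRET'];

// Hypothetical helper: name the missing secret instead of failing later
// with a less obvious token error.
function readSecrets(secrets = {}) {
  const missing = REQUIRED_SECRETS.filter((name) => !secrets[name]);
  if (missing.length > 0) {
    throw new Error(`Missing Action secrets: ${missing.join(', ')}`);
  }
  return secrets;
}

function defaultClient(options) {
  const { ManagementClient } = require('auth0');
  return new ManagementClient(options);
}

// makeHandler is a hypothetical wrapper so a stub client can be injected
// when exercising the handler offline.
function makeHandler(createClient) {
  return async function onExecutePostChangePassword(event) {
    try {
      const { MGMT_DOMAIN, MGMT_ID, MGMT_SECRET } = readSecrets(event.secrets);
      const management = createClient({
        domain: MGMT_DOMAIN,
        clientId: MGMT_ID,
        clientSecret: MGMT_SECRET,
        scope: 'update:users', // only what this Action needs
      });
      // app_metadata cannot be edited by the user, unlike user_metadata.
      await management.updateAppMetadata(
        { id: event.user.user_id },
        { is_password_initial: false }
      );
      return true; // the boolean is for callers and tests
    } catch (error) {
      // Log the message only, never event.secrets or the client options.
      console.error('Failed to update app_metadata:', error.message);
      return false;
    }
  };
}

if (typeof exports !== 'undefined') {
  exports.onExecutePostChangePassword = makeHandler(defaultClient);
}
```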

