I have a rule to attach user_metadata to the idToken and accessToken. It looks like this:
// @see: https://auth0.com/docs/scopes/sample-use-cases-scopes-and-claims
function setUserMetadata(user, context, callback) {
const namespace = ''example_namespace';
context.idToken[`${namespace}user_metadata`] = user.user_metadata;
context.accessToken[`${namespace}user_metadata`] = user.user_metadata;
callback(null, user, context);
}
I’m also using universal login to authenticate users in a React SPA with localstorage as the cacheLocation.
createAuth0Client({
domain: AUTH0_DOMAIN,
client_id: AUTH0_CLIENT_ID,
audience: AUTH0_AUDIENCE,
redirect_uri: AUTH_REDIRECT_URI,
cacheLocation: 'localstorage',
})
After enabling the rule, I log out and log back in. Upon logging in, I inspect localstorage to see if user_metadata is attached but I don’t see it. I omit cacheLocation and have auth0 default cacheLocation to memory. After, I set cacheLocation to localstorage again so I can inspect the JWT. I’m now seeing the new fields in user_metadata.
Is this intended behaviour? Does logout not clear localstorage? Does changing cacheLocation force the auth0 client to refresh and grab a new token? For reference, logout is from useAuth0
const { isAuthenticated, logout, loginWithRedirect, isLoading: isAuthLoading } = useAuth0();
...
const handleLogout = () => logout({ returnTo: window.location.origin });