What is the options(client_id,secret) to send to make an api call, in action after post login (onExecutePostLogin)?


I am using auth, everything seems working fine :smile: , but i am blocked in one point : it is to send user_id of authO to my app, to store it in database.
After reading between rules and actions, i choosed the action.

1)I followed this tutorial

exports.onExecutePostLogin = async (event, api) => {
  const axios = require('axios');
  const namespace = 'https://myapp-example.com';
  const url = 'https://YOUR_URL';
  const options = {
    headers: {
      'Content-Type': 'application/json'
  const data = {
    username: event.user.username, 
    email: event.user.email

I don’t see here on the options where we set the client_id or client_secret, domain ?

2)Then i found another post here

  const tokenOptions = {
    method: 'POST',
    url: `https://${event.secrets.DOMAIN}/oauth/token`,
    headers: { 'content-type': 'application/json' },
    data: {
      grant_type: 'client_credentials',
      client_id: event.secrets.CLIENT_ID,
      client_secret: event.secrets.CLIENT_SECRET,
      audience: `https://${event.secrets.DOMAIN}/api/v2/`

This example is for PostUserRegistration, i am trying to do the same for PostLogin,

a) url: https://${event.secrets.DOMAIN}/oauth/token,
As i have a custom hostname, i should gave the domain of the custom hostname(auth.mysite.com) instead of my tenant (dev-xxxx) ?
b) event.secrets.CLIENT_ID and event.secrets.CLIENT_SECRET are retrieved from the event or those information i take from auth0>application> ?
I guess it is from auth0>application>basic information because when i do console.log(event.secrets) it’s empty.

Thanks a lot for your help !

Hi @Neos,

Thanks for reaching out to the Auth0 Community!

After taking a look at your Universal Login settings, I found that you are trying to use the Management API in Actions.

I recommend reading the How can I use the Management API in Actions? FAQ which explains in detail how to accomplish this.

Just to touch on the event.secrets, these are sensitive values that are saved in the Action’s Secrets section depicted by a Key icon. See below:

After adding the client_id, client_secret, and domain Secrets, you can call them inside the script with the event.secrets prefix.

(Reference: Write Your First Action - Add a Secret)

I hope this helps!

Please let me know how this goes for you.



Thanks for your answer and the explanation for the event.secrets.
I will try to be more clear of what i am trying to achieve.

I am using already machine to machine api for backend in nestJs and spa application for frontend. I am able to call from my frontend a protected url of the backend (nestJs).

My goal now is when the user sign up first time. In the action in postLogin, i want to send the userId generated from auth0 to to my api in backend which will add this user in my own database.
So my objective, is to call an api from auth0 to my nest js backend which is for example the following one.
This is the api that i expose in my backend, my frontend is able to call this api, but i need to call it from auth0 during the sing up, to send him the userId.
async insertUserId(
@Body(‘userId’) userId: string,
) {
// code which add here this id to my database
1)I read the example How can I use the Management API in Actions? but it is to use ManagementClient to assign the roles right. Can i use the managementClient to call my external api (/adduser)?

2)I was thinking that this tutorial is what i am trying to do but on this tutorial i don’t see where you are adding the client_id, client_secret or the domain to generate a token access which i should attach to the api (/adduser) that i am going to call right ?

3)Or should i proceed from the example which is here ?

I was trying the third, please let me know if i am on the wrong way ?
So i want to call from auth0 during the sing up, in post login, a endpoint that i created in my backend. To be able to call this endpoint i would need to attach the baerer token right ?

1 Like

@rueben.tiow i finally was able to call my external api on actions on post login, anway thanks for explanation regarding the mangament Api :slight_smile:

1 Like

Hi @Neos,

Thank you for your responses.

I’m glad you were able to call your external API in a Post Login Action!

Please reach out again if you have any further questions.


Hey there!

As this topic is related to Actions and Rules & Hooks are being deprecated soon in favor of Actions, I’m excited to let you know about our next Ask me Anything session in the Forum on Thursday, January 18 with the Rules, Hooks and Actions team on Rules & Hooks and why Actions matter! Submit your questions in the thread above and our esteemed product experts will provide written answers on January 18. Find out more about Rules & Hooks and why Actions matter! Can’t wait to see you there!

Learn more here!